Re: EFS and transparent file sharing on XP pro

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/29/05


Date: Fri, 29 Apr 2005 09:27:29 -0500

Use the mmc [mmc in run box] snap-in for certificates for user to view your
personal certificates under the personal/certificates folder. See if you
have certificates for EFS and the first page of certificate properties must
show "you have a private key that corresponds to this certificate". It
almost sounds like your original EFS certificate/private key has been
deleted or severely corrupted. If the operating system was reinstalled then
very possibly the original certificate/private key has been deleted. EFS
best practices are that users must export their certificate and private key
to a password-protected .pfx file or loss of data can be permanent. Efsinfo
can also be used to find more information about any EFS files and the
existence of a Recovery Agent which may be possible particularly if you are
in an Active Directory domain. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B243026
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

"Jim" <nobodyhome@antispam.tv> wrote in message
news:OBTnamJTFHA.616@TK2MSFTNGP12.phx.gbl...
> Pardon the cross posting, but I don't know which group this problem
> belongs in....
>
> Yesterday, XP pro (for a reason I can't figure out yet) added a new
> certificate for EFS for my userid. As a result, files encrypted AFTER
> that period of time can be decrypted w/o problem. However, none of my
> old files can. "access denied" is the message I get.
>
> When I view "properties" of an older file and click on "advanced," and
> then "details," I see the thumbprint of the user who can transparently
> access the file. However, when I try to add or remove/add the new
> thumbprint (i.e., to "share access"), I get error code 5.
>
> Error code 5 (says MS KB article 308991) occurs when the person
> attempting to share access is neither an administrator nor the person
> who originally encrypted the file. Well, my account is both in the
> administrator group AND is the account that encrypted the file.
>
> In addition, and I don't know if this is relevant, but when I select
> "add" under the "Encryption Details" pane, a "Select User" pane opens up
> with both my certificates listed. However, both certificates, when
> opened up, have a red "X" on the icon with the text: "This CA root
> certificate is not trusted. To enable trust, install this certificate in
> the trusted root certification authorities store." Is this related to my
> problem or is this a domain only thing?
>
> My bottom line: I am looking for any ideas on how to add transparent
> access so I can decrypt the files and get them OUT of EFS.
>
> Would using "system restore" work, stepping back to the
> day-before-yesterday?
>
> After this, believe me, I intend to "forgeddaboutit" as far as EFS is
> concerned. What a pain!
>
> Thanks in advance....
>
> Regards,
> Jim
>
>
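
The check described in the reply (is there an EFS certificate in the personal store, does it have a private key, and is it the one whose thumbprint the old file names) can be scripted. This is an added example, not part of either post; it assumes a Windows version with PowerShell 3.0 or later (not stock XP), and the default thumbprint is a constructed placeholder.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ (not stock XP).
param(
    # Constructed placeholder: paste the thumbprint shown for the old file
    # under Properties > Advanced > Details.
    [string]$FileThumbprint = '0000 1111 2222 3333 4444 5555 6666 7777 8888 9999'
)

$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage
# Normalise: the dialog shows spaced hex, the store uses plain upper-case hex
$wanted = ($FileThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Personal store of the current user, limited to certificates marked for EFS
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.EnhancedKeyUsageList.ObjectId -contains $EfsOid
})

# One row per EFS certificate: does it have a key, and is it the file's one?
$efsCerts | Select-Object Thumbprint, HasPrivateKey, NotAfter,
    @{ Name = 'MatchesFile'; Expression = { $_.Thumbprint -eq $wanted } } |
    Format-Table -AutoSize

$match = $efsCerts | Where-Object { $_.Thumbprint -eq $wanted }
if (-not $match) {
    'The certificate named on the file is not in this store: import the .pfx backup or use a Recovery Agent.'
} elseif (-not $match.HasPrivateKey) {
    'The certificate is present but its private key is missing: import the .pfx backup.'
} else {
    'The certificate and private key the file needs are present: keep a password-protected .pfx export of them.'
}
```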


