Re: EFS and transparent file sharing on XP pro
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 04/29/05
- Next message: Steve Blevins: "Re: https & update problems in W2K3 SP1"
- Previous message: Steven L Umbach: "Re: EFS and transparent file sharing on XP pro"
- In reply to: Jim: "EFS and transparent file sharing on XP pro"
- Next in thread: Jim: "Re: EFS and transparent file sharing on XP pro"
- Reply: Jim: "Re: EFS and transparent file sharing on XP pro"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Apr 2005 07:39:02 -0700
Don't forget about it unless you really want to, as there are only
a couple of precautions you should take.
So, this XP is not in a domain ? right?
That seems implied from some of your post.
This just happened, maybe yesterday, and out of the blue.
Did you recently change the password of the account ?
As the account is an admin it has two ways available to
give it a different password. One, which is available to
all accounts is to change it in the dialog that requires you
to provide the old and new passwords. The other is the
administrative reset of the password, which ask only for
the new password.
Using this last way will always break access to earlier
EFS encrypted files of that account.
After this happens, then the next attempt to encrypt a file
will cause a new EFS certificate to be generated for that
account.
So, let us know if you did reset the password of the account
and we can guide you back, or if you did not, then we can
puzzle with you.
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA "Jim" <nobodyhome@antispam.tv> wrote in message news:OBTnamJTFHA.616@TK2MSFTNGP12.phx.gbl... > Pardon the cross posting, but I don't know which group this problem belongs > in.... > > Yesterday, XP pro (for a reason I can't figure out yet) added a new > certificate for EFS for my userid. As a result, files encrypted AFTER that > period of time can be decrypted w/o problem. However, none of my old files > can not. "access denied" is the message I get. > > When I view "properties" of an older file and click on "advanced," and then > "details," I see the thumbprint of the user who can transparently access the > file. However, when I try to add or remove/add the new new thumbprint (ie., > to "share access"), I get error code 5. > > Error code 5 (says MS KB article 308991) occurs when the person attempting > to share access is neither an administrator nor the person who originally > encrypted the file. Well, my account is both in the administrator group AND > is the account that encrypted the file. > > In addition, and I don't know if this is relevant, but when I select "add" > under the "Encryption Details" pane, a "Select User" pane opens up with both > my certificates listed. However, both certificates, when opened up have a > red "X" on the icon with the text: "This CA root certificate is not > trusted. To enable trust, install this certificate in the trustee rood > certification authorities store." Is this related to my problem or is this > a domain only thing? > > My bottom line: I am looking for any ideas on how to add transparent access > so I can decrypt the files and get them OUT of EFS. > > Would using "system restore" work, stepping back to the > day-before-yesterday? > > After this, beliefe me, I intend to "forgeddaboutit" as far as EFS is > concerned. What a pain! > > Thanks in advance.... > > Regards, > Jim > >
- Next message: Steve Blevins: "Re: https & update problems in W2K3 SP1"
- Previous message: Steven L Umbach: "Re: EFS and transparent file sharing on XP pro"
- In reply to: Jim: "EFS and transparent file sharing on XP pro"
- Next in thread: Jim: "Re: EFS and transparent file sharing on XP pro"
- Reply: Jim: "Re: EFS and transparent file sharing on XP pro"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
