Re: EFS and transparent file sharing on XP pro

From: Jim (nobodyhome_at_antispam.tv)
Date: 04/29/05


Date: Fri, 29 Apr 2005 13:18:09 -0500

Thanks for your help.

And thanks for the URLs -- I've just bookmarked them!

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%232N27UOTFHA.3392@TK2MSFTNGP12.phx.gbl...
> If that is the case then follow Roger's advice as the password "reset" on a
> workgroup computer will deny access to EFS files. This is done as a
> precaution to prevent access to your EFS files from an attacker that may
> gain administrative access to your computer. The link below explains more on
> this. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;290260
>
> "Jim" <nobodyhome@antispam.tv> wrote in message
> news:Ojo5u9NTFHA.2560@TK2MSFTNGP09.phx.gbl...
> >
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:%23muiVdMTFHA.3540@TK2MSFTNGP10.phx.gbl...
> >> Use the mmc [mmc in run box] snapin for certificates for user to view your
> >> personal certificates under the personal/certificates folder. See if you
> >> have certificates for EFS and the first page of certificate properties must
> >> show "you have a private key that corresponds to this certificate".
> >
> > Yes.
> >
> > And "details" pane shows the key, which appears to be "good."
> >
> >> It almost sounds like your original EFS certificate/private key has been
> >> deleted or severely corrupted. If the operating system was reinstalled then
> >> very possibly the original certificate/private key has been deleted.
> >
> > A long time ago, the operating system was rebuilt after a HD failure. But
> > I've been encrypting and decrypting old and new files since then.
> >
> >> EFS best practices are that users must export their certificate and private key
> >> to a password protected .pfx file or loss of data can be permanent. Efsinfo
> >> can also be used to find more information about any EFS files and the
> >> existence of a Recovery Agent which may be possible particularly if you are
> >> in an Active Directory domain. --- Steve
> >
> > This computer is in a workgroup and not a domain.
> >
> > "efsinfo" shows that my account can decrypt.
> >
> > And (as noted) in my reply to Roger (Message-ID:
> > <OyQzhiMTFHA.2548@TK2MSFTNGP14.phx.gbl>), I did change my account password
> > at or after the time I encrypted the most recent file (per timestamp) that I
> > cannot access. "New" files decrypt fine.
> >
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B243026
> >> http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
> >>
> >> "Jim" <nobodyhome@antispam.tv> wrote in message
> >> news:OBTnamJTFHA.616@TK2MSFTNGP12.phx.gbl...
> >> > Pardon the cross posting, but I don't know which group this problem
> >> > belongs in....
> >> >
> >> > Yesterday, XP pro (for a reason I can't figure out yet) added a new
> >> > certificate for EFS for my userid. As a result, files encrypted AFTER
> >> > that period of time can be decrypted w/o problem. However, none of my old
> >> > files can. "access denied" is the message I get.
> >> >
> >> > When I view "properties" of an older file and click on "advanced," and
> >> > then "details," I see the thumbprint of the user who can transparently
> >> > access the file. However, when I try to add or remove/add the new
> >> > thumbprint (i.e., to "share access"), I get error code 5.
> >> >
> >> > Error code 5 (says MS KB article 308991) occurs when the person attempting
> >> > to share access is neither an administrator nor the person who originally
> >> > encrypted the file. Well, my account is both in the administrator group
> >> > AND is the account that encrypted the file.
> >> >
> >> > In addition, and I don't know if this is relevant, but when I select "add"
> >> > under the "Encryption Details" pane, a "Select User" pane opens up with
> >> > both my certificates listed. However, both certificates, when opened up,
> >> > have a red "X" on the icon with the text: "This CA root certificate is not
> >> > trusted. To enable trust, install this certificate in the trusted root
> >> > certification authorities store." Is this related to my problem or is
> >> > this a domain only thing?
> >> >
> >> > My bottom line: I am looking for any ideas on how to add transparent
> >> > access so I can decrypt the files and get them OUT of EFS.
> >> >
> >> > Would using "system restore" work, stepping back to the
> >> > day-before-yesterday?
> >> >
> >> > After this, believe me, I intend to "forgeddaboutit" as far as EFS is
> >> > concerned. What a pain!
> >> >
> >> > Thanks in advance....
> >> >
> >> > Regards,
> >> > Jim
> >> >
> >> >
> >>
> >>
> >
> >
>
>


