Re: Encryption problem

From: Robert Gu [MS] (robertg@online.microsoft.com)
Date: 05/10/02


From: "Robert Gu [MS]" <robertg@online.microsoft.com>
Date: Fri, 10 May 2002 13:54:41 -0700


Standalone XP has no recovery agent by default. Changing the password normally
would not cause the denial. How did you change the password? If you RESET
the password, you will lose access to the files. This is for your
safety. Else people can just grab your machine and reset your password.

Use the right way to change your password when you use EFS. Actually, you
could lose other keys if you reset your password.

To get back your files, you can change the password back to your old one.
Don't ever reinstall another OS over the existing one unless you have backed
up your EFS cert+keys or decrypted your files. Upgrade is OK.

You should back up your EFS cert+keys as a good practice. See Start->Help if
you don't know how to.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Robert Gu [MS Security Developer]
"Rod" <fake@fake.com> wrote in message news:uLcoU2D#BHA.772@tkmsftngp05...
> Change your password back to what it was when you encrypted the files.
>
> "Filip" <muresan109@xnet.ro> wrote in message
> news:#XwNWbD#BHA.1980@tkmsftngp04...
> > The story begins like this:
> > I have upgraded my WinMe to WinXP Pro on a stand-alone computer, then
> > converted FAT32 to NTFS. After I did that I have encrypted several Word
> > documents using an administrator account. After the password has expired
> > I have changed it and SURPRISE I cannot access the encrypted files anymore.
> > That's because initially WinXP hadn't configured any restore agents
> > although in help (if I understood well) it says that by default admin is
> > the recovery agent.
> >
> > Is this somehow reversible?
> > All the XP pro installations are the same, that is don't define by
> > default admin as the recovery agent?
>
>

