Re: File encryption and restoring keys

From: Robert Gu [MS] (robertg@online.microsoft.com)
Date: 08/22/02 

From: "Robert Gu [MS]" <robertg@online.microsoft.com>
Date: Wed, 21 Aug 2002 18:08:42 -0700

Can you provide the detailed repro steps? What machine setting you have,
domain member or standalone, if in a domain, what server it is, Win2K or
something else? What backup utility you used? The user account name (local
default admin, a domain user or something else). And etc. 

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Robert Gu [MS Security Developer]
"Jeff Durham" <root@localhost> wrote in message
news:OKs5Q4VSCHA.2564@tkmsftngp13...
> My use of restore means to use the backup utility for backing up my entire
> user directory and then restoring it later after I reformatted the disk
and
> installed XP.
>
> Jeff
>
>
> "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> news:eY3QMJTSCHA.1640@tkmsftngp11...
> > Can you explain your word of "restore"? I would be very interested if
your
> > "restore" means simply copy the files.
> >
> > Just because you have the recovery agent cert+keys, that would not give
> you
> > the access to the files if the OS was reinstalled, unless you have
backed
> up
> > your recovery cert + keys and imported them to the new OS. Recovery
> > cert+keys are stored the same way in the recovery agent's account as the
> > normal EFS cert+keys in the normal account. You have to export and
import
> > it.
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> > Robert Gu [MS Security Developer]
> > "Jeff Durham" <root@localhost> wrote in message
> > news:eZ9JymSSCHA.1820@tkmsftngp13...
> > > I do not have a roaming user profile.  However, my username is
> designated
> > as
> > > a recovery agent.  Maybe that is why it works.  If I only restore my
> data
> > > files in my documents (those are the files that are encrypted) and not
> > > everything else in my user, I then cannot access my encrypted files.
> > >
> > > Jeff
> > >
> > > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> > > news:OmSG7AKSCHA.3772@tkmsftngp08...
> > > > Even the domain case would destory the access to EFS file, except,
> > > >
> > > > 1. The user account use Roaming User Profile. Or,
> > > > 2. The user has the recovery agent private key.
> > > >
> > > > --
> > > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > >
> > > > Robert Gu [MS Security Developer]
> > > > "Torgeir Bakken" <Torgeir.Bakken-spam@hydro.com> wrote in message
> > > > news:3D62B443.C8AA4F3B@hydro.com...
> > > > > Jeff Durham wrote:
> > > > >
> > > > > > Something does not make sense here.  I had many encrypted files.
> I
> > > > backed
> > > > > > up my user directory under Documents and Settings.  Blew away
the
> > > > machine.
> > > > > > Restored the user.  I could access all of my encrypted files
(yes,
> > > they
> > > > were
> > > > > > and are encrypted).  My machine name did not change and belongs
to
> a
> > > > domain
> > > > > > that does have a cerftificate authority (private network).
> > > > > >
> > > > > > Either this is a major bug with XP or there is a
misunderstanding
> on
> > > > your
> > > > > > part.
> > > > >
> > > > > Yes and no for the misunderstanding part ;-). My description was
for
> a
> > > > > non-domain context. When you now say this is in a domain setting,
> > thinh
> > > is
> > > > > pretty different ;-)
> > > > >
> > > > > --
> > > > > torgeir
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: File encryption and restoring keys
    ... It could be that the "restored" user has the same SID as before. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... > "restore" means simply copy the files. ... > your recovery cert + keys and imported them to the new OS. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: File encryption and restoring keys
    ... My use of restore means to use the backup utility for backing up my entire ... > your recovery cert + keys and imported them to the new OS. ... >> everything else in my user, I then cannot access my encrypted files. ... >> rights. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: OT:Thanksgiving
    ... Florida voters who had committed felonies in Texas. ... As to why the department included states that restore voting rights, ... Governor's Office of Executive Clemency, dated September 18, 2000, arrived only seven ...
    (comp.lang.cobol)
  • Re: 2008 AD restore
    ... * This posting is provided "AS IS" with no warranties and confers no rights! ... Always test ANY suggestion in a test environment before implementing! ... It is easier because you do not have to restore the system state and you use DCs that are not used for auth/LDAP/etc. ...
    (microsoft.public.windows.server.active_directory)
  • Re: 2008 AD restore
    ... It is easier because you do not have to restore the system state and you use DCs that are not used for auth/LDAP/etc. ... * This posting is provided "AS IS" with no warranties and confers no rights! ... Always test ANY suggestion in a test environment before implementing! ...
    (microsoft.public.windows.server.active_directory)