Re: Corrupted Admin Profile

From: bigfoot@worldcommunications.ca
Date: 09/14/02

• Next message: anton van wamelen: "error 11606 problem solved....."
• Previous message: Roger Abell [MVP]: "Re: WinXP and SMS Logon Script"
• In reply to: Torgeir Bakken: "Re: Corrupted Admin Profile"
• Next in thread: Torgeir Bakken: "Re: Corrupted Admin Profile"
• Reply: Torgeir Bakken: "Re: Corrupted Admin Profile"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: <bigfoot@worldcommunications.ca>
Date: Sat, 14 Sep 2002 12:28:50 -0400

I have a similar situation, however, I forgot to unencrypt files before I
reinstalled xp. Even when though I have the same user name and password, I
still don't have access. (fortunately, there are only a couple of files
that I would like to have, the rest I have backups). I have been trying for
a month to solve this dilema. Are you saying there is not way to recover
them? If so, I can give up! LOL

Jim
"Torgeir Bakken" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:3D835CBF.C5F25B38@hydro.com...
> Adam Warr wrote:
>
> > I've a rather urgent appeal for help. I use XP pro on my
> > standalone home PC and have encrypted some files in "My
> > Pictures" (nothing smutty, honest!)
> >
> > The other morning XP fell over when loading my account
> > with a corupted profile - a temporary [profile was loaded
> > instead.
> >
> > The big problem is with these encrypted files - they
> > cannot be opened with the re-created account as "Access
> > is denied" and I am unable to take control despite the
> > account having the same credentials as before.
>
> Hi
>
> If you haven't exported (backed up) the EFS Private Key with the original
user,
> you *must* get the old user up and running again, or else your files are
> toast...
>
> It doesnt't help to create a new user with the same name and password, it
is
> still not the same user,
>
>
> My view on EFS:
>
> Do not to use encryption (EFS) unless you are in a domain and you know
what you
> are doing. Too much things can go wrong. You will most likely sooner or
later
> loose your data (for good). It is not without reason some people calls EFS
> the "delayed Recycle Bin". Use NTFS permissions instead to protect your
data.
>
> The major problem with EFS is not having as proper backup of the
encryption
> keys, as well not having created a Recovery Agent (with backup of the
recovery
> agents keys). If you don't have this in place before you start encrypting
your
> files, and you need to reinstall you OS of some reason or other, your
files will
>
> not be recoverable. They will effectively be gone forever. Read the links
below,
>
> and understand what they say before you start using encryption.
>
>
> But if you must use EFS, in this link:
>
http://www.microsoft.com/WINDOWSXP/pro/techinfo/administration/recovery/defa
ult.asp
>
> it is described how to create a data recovery agent (DRA), and also gives
> information/links on to how to export keys, e.g.
>
> "Data Recovery on Standalone Machines"
> "Importing and Exporting Data Recovery Agent Keys"
>
>
> Under "Knowledge Base Articles on EFS" you will find e.g.
>
> Q241201 How to Back Up Your Encrypting File System Private Key
> Q259732 EFS Recovery Agent Cannot Export Private Keys
> Q255742 Methods for Recovering Encrypted Data Files
>
>
> Reading Q255742, will give you this as well:
>
> Q241201 HOW TO: Back Up Your Encrypting File System Private Key in Windows
2000
> Q242296 How to Restore an EFS Private Key for Encrypted Data Recovery
>
>
> If your computer is not a member of an AD domain, this part of the
document is
> obligatory reading:
>
> "Using EFS with Standalone Machines or NT 4.0 Domains"
>
>
> --
> torgeir
>
>

---

• Next message: anton van wamelen: "error 11606 problem solved....."
• Previous message: Roger Abell [MVP]: "Re: WinXP and SMS Logon Script"
• In reply to: Torgeir Bakken: "Re: Corrupted Admin Profile"
• Next in thread: Torgeir Bakken: "Re: Corrupted Admin Profile"
• Reply: Torgeir Bakken: "Re: Corrupted Admin Profile"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Replace Domain Controller ... Depending on your EFS recovery you may also want to backup your EFS private ... Export your Private Key from Recovery Agent ... private key so that you can recover encrypted data in the event that you ... (microsoft.public.windows.server.active_directory) Re: EFS Private Keys ... It's possible to have a cluster that was in use that couldn't be wiped. ... > syskey was to EFS in W2K, ... >>> the private keys are protected however the key to the private key is ... >>> stronger encryption available for EFSfiles permanently if you don't. ... (microsoft.public.win2000.security) Re: Corrupted Admin Profile ... > My view on EFS: ... > Do not to use encryption unless you are in a domain and you know ... as well not having created a Recovery Agent (with backup of the ... > Q241201 How to Back Up Your Encrypting File System Private Key ... (microsoft.public.windowsxp.security_admin) Re: ciphered files ... > If you are not in a domin, and you did not export your encryption keys ... > My view on EFS: ... as well not having created a Recovery Agent (with backup of the ... (microsoft.public.windowsxp.security_admin) Re: efs and "encryption" overall... help? ... What I referred to was that the only way to make totally sure that the EFS ... encrypted files are safe is to export/delete the certificate and private key ... require the user to enter the password used to protect the private key. ... >> uses much stronger encryption to encrypt EFS files, ... (microsoft.public.windows.server.networking)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)