EFS data recovery - handholding needed

From: martin (martin_26@optusnet.com.au)
Date: 10/03/02


From: "martin" <martin_26@optusnet.com.au>
Date: Wed, 2 Oct 2002 19:33:26 -0700


Hi Paul,

When you say you exported the PFX & CER with the cipher /r
filename, this is the switch command used to create the
recovery agent in XP, as XP eliminated the default recovery
agent creation which was a default setting in Win2000.

Did you actually export the correct PFX/CER using the MMC
Certificates snap-in, first of all?

Second, what is the exact message you are getting? Which of
the following is it?

1. Access Denied
2. "%Name of File% is not accessible, access is denied"

What I found is that if I created a folder & encrypted its
contents & for example only have myself and the
administrator as users with access to the file, if I deny
NTFS permission to the administrator, even if I log in as
Administrator & import the PFX & CER of the encrypted
file, if I have been denied NTFS permission to the file
I will get error message NUMBER 2 (as typed in above).
However, you can accept ownership of the file & then have
access to it.

I hope I'm on the right track with this one, let me know
if this reflects your situation OK ..

regards

martin.

>-----Original Message-----
>Hi
>I'm still stuck on how to recover encrypted files. I have created an
>encrypted folder under my a/c that has admin rights. Under the same a/c I've
>exported the CER & PFX files to a floppy using "cipher /R filename" (thanks
>JJ).
>
>I've booted to another instance of XP as Administrator & imported the PFX
>file successfully into the Personal store where it shows up as an EFS cert.
>I then tried to decrypt the folder but was told that I didn't have
>permission to do so. The folder itself decrypted but not the contents! I
>then tried to run the DRA & imported the CER file (which is probably wrong
>as it's for my a/c on the original instance of XP) & that didn't help. I'm
>stuck. Further help please!
>TIA
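
Added example, not part of the original thread: a PowerShell triage script that separates the two causes discussed above, a missing EFS/recovery private key versus an NTFS Deny entry, since both surface as "access is denied". The `$Path` parameter and the output field names are assumptions for illustration, and it targets a current Windows with PowerShell rather than the XP installs in the thread.

```powershell
# Added example: triage "access is denied" on an EFS-encrypted file.
# Run as the account that imported the PFX. $Path is a hypothetical parameter.
param([Parameter(Mandatory)][string]$Path)

$EfsOid      = '1.3.6.1.4.1.311.10.3.4'    # Encrypting File System EKU
$RecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'  # File Recovery (recovery agent) EKU

$item      = Get-Item -LiteralPath $Path -Force
$encrypted = [bool]($item.Attributes -band [IO.FileAttributes]::Encrypted)

# 1. Key check: Personal-store certs with an EFS or recovery EKU AND a private key.
#    A .CER import alone never satisfies this; only the PFX carries the key.
$keys = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.EnhancedKeyUsageList.ObjectId | Where-Object { $_ -in $EfsOid, $RecoveryOid })
})

# 2. NTFS check: Deny ACEs that hit this logon (user SID or any group SID).
$me   = [Security.Principal.WindowsIdentity]::GetCurrent()
$sids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })
$deny = @(); $owner = $null; $aclReadable = $true
try {
    $acl   = Get-Acl -LiteralPath $item.FullName
    $owner = $acl.Owner
    $deny  = @($acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -in $sids })
} catch { $aclReadable = $false }   # cannot even read the DACL: an NTFS problem

# 3. Attempt a read; without a usable key EFS also fails this with access denied.
$read = 'ok'
try { [IO.File]::Open($item.FullName, 'Open', 'Read', 'ReadWrite').Dispose() }
catch { $read = $_.Exception.GetBaseException().GetType().Name }

$likely = if ($read -eq 'ok') { 'none' }
          elseif (-not $aclReadable -or $deny.Count) { 'NTFS permissions (ACL or ownership)' }
          elseif ($encrypted -and -not $keys.Count) { 'no EFS/recovery private key in Personal store' }
          elseif ($encrypted) { 'key present but possibly not the one the file was encrypted to' }
          else { 'other' }

[pscustomobject]@{
    Path = $item.FullName; Encrypted = $encrypted; Owner = $owner
    KeyThumbprints = $keys.Thumbprint; DenyEntries = $deny.Count
    ReadResult = $read; LikelyCause = $likely
}
# To confirm the last case, compare KeyThumbprints with the thumbprints printed by:
#   cipher /c <file>   (available on Windows versions later than XP)
```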


