Re: EFS data recovery - handholding needed

From: Paul Busby (xbusby@tele2.co.uk)
Date: 10/04/02


From: "Paul Busby" <xbusby@tele2.co.uk>
Date: Fri, 4 Oct 2002 14:28:06 +0100


In news:bmlppuo8bg0g81351sao1cf00qvf0tk38p@4ax.com,
Earl Lewis <brassono_spam@mybizz.net> pulled the chain then typed:
> Paul,
> Allow me to quote Robert G. (who I mistakenly called 'Roger' this
> morning, sorry) from the thread 'EFS experiment need help':
> Quote
> Assuming you want to protect your own files from being lost due to OS
> corruption, disks with a corrupted profile, or for whatever reason you
> lost your keys, my advice is still not to use a recovery policy. Just
> export your current EFS cert. A recovery policy is only useful for one
> admin to recover multiple users' EFS files.
>
> You can test exporting and importing your EFS cert with two user
> accounts and one machine, absolutely.
>
> 1. Logon as user A. Encrypt a file. Use EFSINFO /u /c FILENAME to see
> the cert used for the file.
> 2. In MMC cert page, find the cert and export it to a PFX file. (PFX
> will have private key in it and CER only has public key in it.
> Cert+keys means PFX).
> 3. Now login as user B. Try to open the file. You will get access
> denied. Then import the PFX file. (Do not choose strong protection.
> EFS does not support strong protection, which means CSP will pop up
> every time you use the private key.) After you imported the file, user
> B should be able to open the file encrypted by user A.
>
> This proves you can open the EFS file encrypted with that cert in the
> PFX file in any XP+ OS with any account. This also works with Win2K.
> Unquote
>
> So that's how it's supposed to work when you Import your pfx
> certificate. I'm ashamed to say I haven't gotten around to actually
> trying it myself. One of these days.
> Earl

This is beginning to really piss me off. In the last 3 days, I've spent
probably more than 10hrs messing with this, reading up & trying not to let
it defeat me.
I followed the quoted procedure & found the following:
1. When opening the Cert mmc I can successfully export to a PFX file.
2. There are 3 folders below Certificate Enrollment Requests in
Chinese?!!!
3. I'm not merely opening another a/c to recover, I'm running another
instance of XP with the same a/c name (as it happens, ie my own name with
admin rights) opened the Cert mmc & imported the PFX file, having entered
its password, into the Personal store, strong.. unchecked.
4. I tried to open a text file but the contents were garbled. I then
opened a text doc & was prompted to load the converter pack which I did,
still garbage.
5. Returned to my main original a/c & found the files I'd just tried to
read were themselves unencrypted & unreadable (copies - no data has been
lost).
6. Encrypted some jpgs - was prompted to skip the thumbnail.db & folder
settings, which I did.
7. Booted back into the 2nd instance of XP & couldn't preview the files!
8. Returned to the 1st instance of XP to find again the files I just
tried to preview were unencrypted & unreadable, again just copies.

Notes
My main instance is SP1 with the Chinese lang pack installed some time ago.
My 2nd instance has all Critical updates but not SP1 & no added lang packs.
Both instances are set to English UK, with English US also available.
I'm using the 2nd instance of XP to simulate a crash & re-install, not
trusting to just opening another a/c which I would have to create &
considering the difficulties I don't want to mess here.

HELP!

--
"Gentlemen - you cannot fight here, this is the War-room!"
from Dr Strangelove
Remove the x
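
Step 1 of the quoted procedure (see which certificate a file is encrypted to) and the follow-up check that the importing account really holds that certificate together with its private key, as an added example that is not part of the thread. It uses PowerShell and `cipher /c` on a current Windows release rather than the EFSINFO tool named in the post; the function names and the sample `cipher /c` output are constructed for illustration.

```powershell
# Added example, not from the thread. Function names are hypothetical.
$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU

function Get-EfsFileThumbprint {
    # Pull "Certificate thumbprint:" values out of `cipher /c` output text.
    param([string[]]$CipherOutput)
    foreach ($line in $CipherOutput) {
        if ($line -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            ($Matches[1] -replace '\s', '').ToUpperInvariant()
        }
    }
}

function Get-EfsStoreCert {
    # EFS-capable certificates in the current user's Personal store.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            Where-Object { $_.Value -eq $EfsOid }
    }
}

function Test-EfsKeyAvailable {
    # For each thumbprint the file is encrypted to, report whether this
    # account holds the matching certificate AND its private key.
    param([string[]]$FileThumbprints, [object[]]$StoreCerts)
    foreach ($tp in $FileThumbprints) {
        $cert = $StoreCerts | Where-Object { $_.Thumbprint -eq $tp } | Select-Object -First 1
        [pscustomobject]@{
            Thumbprint    = $tp
            InStore       = [bool]$cert
            HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        }
    }
}

# Constructed sample of `cipher /c` output (the thumbprint is made up).
$sample = @(
    'E report.txt',
    '  Users who can decrypt:',
    '    PC1\paul [paul(paul@PC1)]',
    '    Certificate thumbprint: 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567'
)

# Live use: replace $sample with the output of  cipher /c C:\path\to\file.txt
Test-EfsKeyAvailable (Get-EfsFileThumbprint $sample) (Get-EfsStoreCert)
```

A row with `InStore` true but `HasPrivateKey` false means only the public certificate (a CER) was imported, not the PFX.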

