Re: help! recovering XP-encrypted files in Windows 2000

From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 10/27/02 

From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Sun, 27 Oct 2002 13:17:44 -0700

<marpaspro@aol.com> wrote in message
news:895e01c27d48$4f197160$39ef2ecf@TKMSFTNGXA08...
>
> >-----Original Message-----
> >
> >Hello folks:
> >
> >Ater spending the last few days on this problem I'm
> throwing in the
> >towel. I hope some bright soul out there will see what
> I'm obviously
> >doing wrong and get me out of this h*ll hole. Without
> further ado,
> >here's my problem:
> >
> >I encrypted some files in XP Pro and have been trying,
> without luck, to
> >decrypt them in Windows 2000 Pro. I have imported the
> correct "File
> >Recovery" certificate, confirmed in the Certificates MMC
> in XP Pro and
> >Win2000 Pro, in Explorer in XP Pro and in efsinfo.exe in
> Win2000 Pro. I
> >am still getting the "access denied" error. What am I
> doing wrong?
> >
> >By comparison, I had absolutely no problem at all doing
> things the
> >opposite way: encrypting in Windows 2000 Pro and
> decrypting in XP Pro by
> >following the same steps in exporting certifcate from
> 2000 Pro and
> >importing it to XP Pro.
> >
> >Please help!!!
> >
> >
> >hi derik
>
> i'm having a similar problem. if you get a solution or
> gain any insight to this problem please e-mail me.
>
> thanks
>
> mitch
> >

There were know issues moving an EFS cert/key from
XP Gold to W2k SP2 or below. With XP SP1 the default
for encryption was changed to AES about which W2k has
no knowledge. These posts did not indicate service levels,
but the symptom seems to indicate the earlier interop issue
is being encountered.

Please review info in this newsgroup in thread of Sept 19 titled
"Encryption > access denied after importing key with Certificate"
to see if it applies in your situation. Due to the interop issues
with initial release, your better route would be XP SP1 with
changes to use W2k compatible algorithm. 

--
Roger Abell
MS MVP (Security, Windows), MCDBA,  MCSE both
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone

Relevant Pages

  • Re: Windows Restore not working
    ... Sadly without the certificate there isn't a lot you can do. ... The information in this mail/post is supplied "as is". ... This time, running it on XP Pro, it actually restored the file. ... following the encryption backup wizard's directions. ...
    (microsoft.public.windowsxp.general)
  • Re: Expired Recovery Agent EFS Cert
    ... XP Pro of course may not need an RA to use EFS but if one is specified in GP ... >> one their Group Policy refreshes to show a valid certificate. ... >> gpupdate on the XP pro computers to speed up the propagation of Group ...
    (microsoft.public.win2000.security)
  • Re: vpn
    ... First, if we are not dealing with XP Pro, but rather XP Home then ... A machine does not have to join a domain to be issued a certificate, ... to be issued on (IPSec) automatically. ...
    (microsoft.public.windows.server.general)
  • Re: Windows XP Pro amd NTFS encryption
    ... I have a similar problem on win xp pro machine. ... case I have imported the old certificate to Personal ... Store through MMC but not ... >> encrypted files, i copyed them to another NTFS ...
    (microsoft.public.windowsxp.security_admin)
  • Re: An Odd experience with a Dell XP CD
    ... > certificate of authentication for the EXACT version of XP, ... I did the same thing to reinstall XP Pro on ...
    (alt.sys.pc-clone.dell)