Re: EFS recovery problem

From: Roger Abell [MVP] (mvpNOSPAM_at_asu.edu)
Date: 05/02/03


Date: Fri, 2 May 2003 07:30:16 -0700


Renaming an account should not cause these issues,
and when an account is renamed it is normal for the
profile area on disk to retain the name that existed
when the account was first logged into.

I would focus on getting the data back first, and then
on making the account function correctly. That you
are seeing a second EFS cert created when you have
deleted the new one and then try to use EFS is showing
that the older certificate is not being recognized as
usable (obviously!). I would first try, though I doubt
it will work, exporting the older certificate, using the
Certificates snap-in when the account has the last
known working (for EFS) password and it is the only
certificate showing. If this works, I would then import
that EFS certificate with key into a newly defined local
account, and use that account to get the data stored in
the clear without EFS encryption.
If you are not able to export the certificate and key,
then think very hard over the recent history, focusing
on passwords. You have to have the account set to
use the correct password for the cert/key to be accessible
for EFS use.
Before you go too much further you may want to make
a backup using ntbackup.exe in which you include the
EFS encrypted files, your account's profile from Doc
and Settings, and the System State.

-- 
Roger 
<thiessendg@yahoo.com> wrote in message news:eddfcb6f.0305020347.4df31f55@posting.google.com...
> I think I have found part of the problem.  For some reason it appears
> that the account was renamed from Dave User to Dave.  Maybe.
> 
> My profile path is still C:\...\Dave User\....
> 
> Also, I do have two personal certificates for this account, one for
> user Dave, and one for Dave User from a while back, probably account
> creation.
> 
> here is the mmc text export...
> Issued To   Issued By   Expiration Date   Intended Purposes        Friendly Name   Status   Certificate Template
> Dave        Dave        4/8/2103          Encrypting File System   <None>
> Dave User   Dave User   8/7/2102          Encrypting File System   <None>
> Another very strange problem.  I cannot change the user password from
> the user account.  Says does not meet complexity requirements, etc.,
> however, logging into admin and checking Local Security Policy,
> password complexity is disabled!
> 
> Is there hope for recovering the files?  Seems if I could just get
> back to using the Dave User certificate, all would be well.  However,
> if I delete the dave cert, another one just gets created.
> 
> 
> "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message news:<#UeHB5#DDHA.1552@TK2MSFTNGP12.phx.gbl>...
> > I am not sure at which point your EFS access was broken, 
> > but here are some observations.
> > 
> > A recovery agent will only be of use if it was set up before 
> > the files were encrypted or last touched.  Doing this after 
> > the fact will not assist in your current dilemma.  You use 
> > the commandline cipher utility to generate the needed 
> > cert/key for the recovery agent.   It is all in here 
> >  http://microsoft.com/WINDOWSXP/pro/techinfo/administration/recovery
> > 
> > Since your account is now set with the same password as before, 
> > and since changing the group memberships of an account should 
> > have no impact on the operation of EFS, we need to figure out 
> > what has happened to your account.
> > There is a tool, efsinfo.exe, that you can use to see what thumbprint 
> > is associated with the encrypted files, and the account's current 
> > certificate.  You can get this by installing the Support Tools from 
> > the similarly named directory of the Windows XP CD.
> > You should also use the Certificates mmc console to look at the 
> > private certificates for EFS of the account in question - particularly 
> > checking to see if there is more than one.
> > 
> > -- 
> > Roger 
> > 
> > <thiessendg@yahoo.com> wrote in message 
> > news:eddfcb6f.0305010521.2cb4751d@posting.google.com...
> > > All,
> > > 
> > > Please note that I have read the FAQ...
> > > 
> > > Here is my problem, I have a Power User Account.  I changed that
> > > account to an Administrator.  When I logged in, it forced me to change
> > > the password.  I simply changed it to its current password.  I did my
> > > thing, logged off, logged in to default admin, changed account back to
> > > PU acct. Log out of Admin, log in to PU acct. and now I cannot access
> > > EFS files.
> > > 
> > > After reading/research, I log on to account and use control panel to
> > > change my password, change it to the password.  Still no access to EFS
> > > files.
> > > 
> > > Hmmm.  Log on to admin, restore files from backup, still no access.
> > > 
> > > Hmmm.  Use MMC and try to make sure that default admin is recovery
> > > agent and he is not, no one is.  So I try to add Admin acct as
> > > Recovery agent, but, there is no *.cer file on local machine.
> > > 
> > > Any suggestions?
> > > 
> > > My understanding was, since the password changed, that is what screwed
> > > up the EFS.  But, according to the KB article, logging in as user and
> > > changing password with control panel, I should have access to my EFS
> > > files back.
> > > 
> > > I have a sinking feeling, but appreciate any suggestions...
> > > 
> > > Dave
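The checks Roger describes above (look in the account's personal certificate store for more than one EFS certificate, confirm the private key is still accessible, and export the working certificate with its key before going any further) can be scripted on a modern Windows box. The following PowerShell is an added example for this thread, not code from either poster or from Microsoft; the folder path, the PFX output path and the switch names are placeholders I chose. It reads the `Cert:\CurrentUser\My` store for certificates carrying the EFS enhanced key usage OID (1.3.6.1.4.1.311.10.3.4), lists the files under a folder whose `Encrypted` attribute is set, and optionally backs up one certificate with its private key via `Export-PfxCertificate` (Windows 8 / Server 2012 and later). `cipher /c` is the Vista-and-later replacement for the `efsinfo.exe` Support Tools utility mentioned in the thread.

```powershell
# Added example, not from the original thread. Assumptions: PowerShell 3.0+,
# Export-PfxCertificate available (Windows 8+), $Path points at the EFS data.
param(
    [string]$Path = "$env:USERPROFILE\Documents",   # placeholder: folder holding the encrypted files
    [switch]$ExportPfx,                             # placeholder switch: back up the chosen cert + key
    [string]$PfxPath = "$env:USERPROFILE\efs-backup.pfx",  # placeholder output location
    [string]$Thumbprint                             # thumbprint of the certificate to export
)

# Enhanced Key Usage OID that marks a certificate as usable for EFS.
$efsEkuOid = '1.3.6.1.4.1.311.10.3.4'

function Get-EfsCertificate {
    # Every certificate in the user's personal store whose EKU list includes EFS.
    Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $efsEkuOid }
    }
}

function Get-EncryptedFile {
    param([string]$Root)
    # Files whose NTFS Encrypted attribute is set, i.e. EFS-protected files.
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted }
}

$certs = @(Get-EfsCertificate)
"EFS certificates in CurrentUser\My: $($certs.Count)"
$certs |
    Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey |
    Format-Table -AutoSize

# Roger's check: a second EFS certificate usually means files were encrypted
# under an older key that the current logon can no longer open.
if ($certs.Count -gt 1) {
    Write-Warning 'More than one EFS certificate is present; compare their thumbprints with cipher /c output.'
}
# A certificate whose private key is not reachable (wrong password, lost
# profile, DPAPI master key unavailable) shows HasPrivateKey = False.
$noKey = @($certs | Where-Object { -not $_.HasPrivateKey })
if ($noKey.Count -gt 0) {
    Write-Warning "EFS certificate(s) without an accessible private key: $($noKey.Thumbprint -join ', ')"
}

$files = @(Get-EncryptedFile -Root $Path)
"Encrypted files under ${Path}: $($files.Count)"
$files | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

# cipher /c prints which certificate thumbprints can decrypt each file, which is
# what efsinfo.exe from the XP Support Tools reported. Limited to a few files here.
foreach ($f in ($files | Select-Object -First 5)) {
    cipher.exe /c $f.FullName
}

# Optional backup of one EFS certificate together with its private key, the
# scripted equivalent of the Certificates snap-in export Roger suggests.
if ($ExportPfx) {
    if (-not $Thumbprint) { throw 'Specify -Thumbprint to choose which certificate to export.' }
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint"
    if (-not $cert.HasPrivateKey) { throw 'Private key is not accessible; export would be useless.' }
    $pw = Read-Host -Prompt 'Password to protect the PFX' -AsSecureString
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $pw | Out-Null
    "Exported $Thumbprint to $PfxPath"
}
```

Run it as the affected user, since the store and the DPAPI-protected private keys belong to that logon. A thumbprint reported by `cipher /c` that does not match any certificate with `HasPrivateKey = True` is the situation the thread describes: the data is bound to a key the account can no longer unlock, and the fix lies in restoring the password or profile that protected that key, not in creating yet another certificate.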

