Re: EFS recovery problem

From: Roger Abell (abell_at_asu.edu)
Date: 05/03/03


Date: Fri, 2 May 2003 17:19:48 -0700


Failure to open a file due to encryption looks just
like failure due to permissions.
You can always check the permissions if you doubt
that the account has sufficient NTFS permission.
The account does not need to be the owner.

I would use pfx as the export/import format.
When importing do not select to have it prompt
on use, that will not work.

-- 
Roger 
<thiessendg@yahoo.com> wrote in message news:eddfcb6f.0305021038.d0e1fda@posting.google.com...
> Roger,
> 
> Thanks for all the help so far.  Obviously, I should have studied EFS
> before enabling it, but, I had been using it for a year with no
> problems.  It only takes one time...
> 
> Anyway, I haven't checked, but, could this be an ownership issue also?
>  When I try to view the files encrypted with the thumbprint from the
> Dave User cert, I get "Access Denied".  I assume that message is sent
> because of encryption, but, I got to wondering about ownership,
> especially now since my account name is Dave for some reason.
> 
> Here is my plan of attack, in case that doesn't work.  Use the
> certificates mmc snap in, export the Dave User certificate (in *.p7b
> format??), log in to admin, create new account, import cert to that
> account, restore files from backup to that new account, try to
> decrypt.
> 
> Does that sound right?
> 
> One note, again, the password was set from the Computer Management
> Admin tool to the password it used to be, but, since there was no luck
> with that, I log into acct and try to use the Control Panel and set
> password from the account.  It is not letting me though.  Gives me the
> business about complexity, etc., however, there is no policy for
> complexity. :/
> 
> Seems this account is hosed, but, seems like I should still be able to
> decrypt those files since I still have a cert with that thumbprint.
> 
> Suggestions/Comments?
> 
> V/R,
> Dave
> 
> "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message news:<eMT7bdLEDHA.2384@TK2MSFTNGP12.phx.gbl>...
> > Renaming an account should not cause these issues, 
> > and when an account is renamed it is normal for the 
> > profile area on disk to retain the name that existed 
> > when the account was first logged into.
> > 
> > I would focus on getting the data back first, and then 
> > on making the account function correctly.  That you 
> > are seeing a second EFS cert created when you have 
> > deleted the new one and then try to use EFS is showing 
> > that the older certificate is not being recognized as 
> > usable (obviously!).  I would first try, though doubt 
> > it will work, exporting the older certificate, using the 
> > Certificates snap-in when the account has the last 
> > known working (for EFS) password and it is the only 
> > certificate showing.  If this works, I would then import 
> > that EFS certificate with key into a newly defined local 
> > account, and use that account to get the data stored in 
> > the clear without EFS encryption.
> > If you are not able to export the certificate and key, 
> > then think very hard over the recent history, focusing 
> > on passwords.  You have to have the account set to 
> > use the correct password for the cert/key to be accessible 
> > for EFS use.
> > Before you go too much further you may want to make 
> > a backup using ntbackup.exe in which you include the 
> > EFS encrypted files, your account's profile from Doc 
> > and Settings, and the System State.
> > 
> > -- 
> > Roger 
> >
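
The reply at the top of this message notes that an EFS failure and an NTFS permission failure both surface as "Access Denied", and that the certificate must be imported together with its key. The script below is an added example, not part of the original thread, that checks both sides for one file on a current Windows system with PowerShell 3 or later. The file path is a hypothetical placeholder; run it as the account that receives the error.

```powershell
# Added example: tell an EFS "Access Denied" apart from an NTFS one.
# The default path is a hypothetical placeholder.
param([string]$Path = 'C:\Data\report.doc')

$efsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

# 1. Is the file EFS-encrypted? Reading the attribute does not need the key.
$item = Get-Item -LiteralPath $Path -Force
$encrypted = [bool]($item.Attributes -band [IO.FileAttributes]::Encrypted)
"Encrypted attribute : $encrypted"

# 2. NTFS side: owner and access entries. If this step itself is denied,
#    the problem is permissions, whatever the encryption state.
try {
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    "Owner               : $($acl.Owner)"
    $acl.Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
} catch {
    "Could not read the ACL: $($_.Exception.Message)"
}

# 3. EFS side: certificates in this account's Personal store that carry the
#    EFS usage. HasPrivateKey must be True for the certificate to decrypt;
#    a .p7b/.cer import brings the certificate only, a .pfx brings the key too.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.EnhancedKeyUsageList.ObjectId -contains $efsOid
}
if ($efsCerts) {
    $efsCerts | Format-Table Thumbprint, HasPrivateKey, NotAfter, Subject -AutoSize
} else {
    'No EFS certificate found in Cert:\CurrentUser\My'
}

# 4. Thumbprints of the users and recovery agents able to decrypt the file.
#    Compare these with the thumbprints listed in step 3.
if ($encrypted) {
    cipher.exe /c $Path
}
```

If step 2 shows sufficient NTFS rights but no certificate from step 3 both matches a thumbprint from step 4 and has its private key, the denial comes from EFS rather than from permissions or ownership.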

