Re: EFS recovery problem

thiessendg_at_yahoo.com
Date: 05/05/03


Date: 5 May 2003 07:12:54 -0700


Peter & Roger,

Please see my comments/responses inlined below...

"Peter Clark" <clark@hushmail.com> wrote in message news:<016701c310f0$b93a7f80$a601280a@phx.gbl>...
> roger; no worry, it may have been in the 2ksecgroup or done
> via email.
>
>
>
> dave:
>
> did you get a message like:
>
> (with username)
> logon message:
> you are required to change your password at first logon.
>

Yes, I did. This seems to be exactly what "broke" my EFS.

> this seems to break EFS as it does not update the locking
> file which secures your private/public keys. however you
> can regain access by changing the password back to the
> exact original - i guess you did?
>

Yep, changed it back to the original; however, I could only do this from
the admin account. When I try from the user account it fails, see below...
 
> renamed from "Dave User" to "Dave" - are you sure this is
> not a username/fullname muddle? check with lusrmgr.msc -
> username/fullname change should not affect EFS as it uses
> the user number.

I am inclined to believe this is not really a problem at all.

>
> the original cert could not be used - why??
>
> 01. password was not changed back to _exact_ original
>

see above comments...

> 02. some files are missing - for each cert in mmc, open -
> is there a private key that corresponds?
> browse to doc&sets\%username\application
> data\microsoft\protect\s-1-5-21-%machinesid%-%userno%
> are there two guid(388bytes) and one preferred(24bytes)
> named files present?
>

Tried this and sure enough, it appears the private key may be gone. I
didn't check the registry; I used the certificates snap-in and tried
something, can't recall exactly, but I was informed there was no
private key.
 
> 03. the file doc&sets\%username\application
> data\microsoft\protect\credhist could be corrupt
> it is possible to create new one.
>
> password must meet complexity requirements = disabled may still
> trigger such a prompt - are the other settings
> 0/42/0/0/disabled/disabled?
> out of interest, is this machine with full updates, sp1 or
> default install?
>

I believe I have all password stuff disabled, except that max password
age is 180 days, and the min length is 5 characters.
This is WinXP Pro w/SP1 and all updates applied.
 
> can you download filemon from sysinternals.com - run it and
> try and access a file that you get the denied message for
> and then save the log and email it over? this may help to
> determine exactly where efs is falling over.

I am not too concerned now, because I found my backups. Looks like I
was thinking ahead, and my really important data I backed up both
encrypted and decrypted. The only thing I will say is that I learned
a lot. I wish I had read/researched more beforehand, but I assumed
EFS was "simple for the user". It is simple; however, you really need
to buff up on how it works and what all to back up. Also, before
encrypting, set up a Data Recovery Agent, as there is not one by
default.

Anyway, much thanks for the assistance you all have given. I think I
will call this a closed issue since I have my data now.

Dave
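The checklist Peter walks through above (does each EFS cert in the MMC snap-in still have a private key, are the DPAPI master key files under the user's Protect\<SID> folder present, can the account actually open an encrypted file) can be run as a read-only script instead of by hand. The following PowerShell is an added example for this thread, not something Peter, Roger or Dave posted. It assumes PowerShell 3 or later with the Cert: drive, the current %APPDATA%\Microsoft\Protect\<SID> layout rather than the XP "Documents and Settings" path quoted above, and a hypothetical file path in the final call; the EFS EKU OID 1.3.6.1.4.1.311.10.3.4 is the standard Microsoft value.

```powershell
# Added example, not code from the thread: read-only checks of the EFS pieces
# Peter's checklist asks about, run in the affected user's own session.
# Assumptions: PowerShell 3+ (Cert: drive), current Windows profile layout.

$efsEku = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage OID: Encrypting File System

function Get-EfsCertificateState {
    # Every cert in the personal store carrying the EFS EKU, with a flag showing
    # whether a private key is attached. HasPrivateKey = $false on all of them is
    # the "there was no private key" symptom described in the thread.
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        $cert = $_
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        } | Select-Object -First 1
        $isEfs = $false
        if ($ekuExt) {
            $isEfs = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $efsEku
        }
        if ($isEfs) {
            [pscustomobject]@{
                Thumbprint    = $cert.Thumbprint
                Subject       = $cert.Subject
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
            }
        }
    }
}

function Get-DpapiMasterKeyState {
    # The EFS private key is itself protected by DPAPI master keys stored under
    # %APPDATA%\Microsoft\Protect\<SID>. A password change that bypasses the normal
    # credential path leaves them undecryptable until the old password is restored.
    $sid        = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $protectDir = Join-Path $env:APPDATA "Microsoft\Protect\$sid"
    $credHist   = Join-Path $env:APPDATA 'Microsoft\Protect\CREDHIST'
    if (-not (Test-Path -LiteralPath $protectDir)) {
        return [pscustomobject]@{ Path = $protectDir; Exists = $false; MasterKeys = 0
                                  HasPreferred = $false; HasCredHist = (Test-Path -LiteralPath $credHist) }
    }
    # Master key files are hidden+system, so -Force is needed to list them.
    $files = Get-ChildItem -LiteralPath $protectDir -Force -File
    $guidPattern = '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'
    [pscustomobject]@{
        Path         = $protectDir
        Exists       = $true
        MasterKeys   = @($files | Where-Object { $_.Name -match $guidPattern }).Count
        HasPreferred = [bool]($files | Where-Object { $_.Name -eq 'Preferred' })
        HasCredHist  = (Test-Path -LiteralPath $credHist)
        Files        = $files | Select-Object Name, Length   # compare sizes with the ones quoted in the thread
    }
}

function Test-EfsFileAccess {
    param([Parameter(Mandatory)][string]$Path)
    # Reports whether the file carries the NTFS Encrypted attribute and whether this
    # account can currently open it for reading (the "access denied" case above).
    $attrs     = [System.IO.File]::GetAttributes($Path)
    $encrypted = ($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0
    $readable  = $true
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        $fs.Close()
    } catch {
        $readable = $false
    }
    [pscustomobject]@{ Path = $Path; Encrypted = $encrypted; Readable = $readable }
}

# Constructed run: summarise the three checks. The file path is hypothetical.
Get-EfsCertificateState | Format-Table -AutoSize
Get-DpapiMasterKeyState | Format-List Path, Exists, MasterKeys, HasPreferred, HasCredHist
Test-EfsFileAccess -Path "$env:USERPROFILE\Documents\secret.txt"
```

If every EFS certificate reports HasPrivateKey = $false while the Protect folder still holds its master key files, the fix is not another password change but restoring a previously exported PFX of the certificate and key (the Certificates MMC export Dave mentions, or `cipher /x` on XP SP2 and later). With no backup and no Data Recovery Agent, which is the situation the thread ends in, the data is unrecoverable; `cipher /r:<name>` generates the recovery agent certificate and key pair that should be created and stored offline before any encryption is turned on.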

