Continuing Problems decrypting EFS objects

From: TERRY GOODENOUGH (tg_at_terrygoodenough.com)
Date: 07/23/03

• Next message: TERRY GOODENOUGH: "Explorer.exe faulting"
• Previous message: Julio Duarte: "PC user names"
• Next in thread: Peter Clark: "Continuing Problems decrypting EFS objects"
• Reply: Peter Clark: "Continuing Problems decrypting EFS objects"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 23 Jul 2003 11:14:16 -0700

Here is what I've tried:

-imported old certificate and used RECCERTS.EXE to recover
-ran "EFSINFO.EXE /y" got thumbprint "D831 7101 FE0E C79E
C5DC 2BDD A9EE EB50 2B7E E461"
-ran "EFSINFO.EXE /c [path...]" got:
   New Text Document.txt: Encrypted
     Users who can decrypt:
       ABSJAGUAR\terry (terry(terry@ABSJAGUAR))
       Certificate thumbprint: "D831 7101 FE0E C79E C5DC
2BDD A9EE EB50 2B7E E461"

Net: my userid and thumbprint matched that of the
encrypted objects.

-then I tried to decrypt folders and other objects, but
always got "access denied" (tried many variations of
permissions: me (terry) as owner with Full Permissions;
owner as Administrator, "terry" at Full permissions...) I
always checked Effective Permissions to make sure "terry"
had Full Permissons, yet every time I cannot decrypt
objects.

-I tried a reset to "Simple File Sharing", still
got "access denied" on decryption attempts.

-Here is what may be the "master clue": I can encrypt a
file within an unencrypted folder that contains other
encrypted objects within it, but I cannot decrypt the file
I just encrypted, "access denied" just like with the older
encrypted folders.

-My user (terry) has always been in the Administrators
group (before system reinstall [when objects were first
encrypted] and now).

-I understand the parent folder is key to whether its new
objects are automatically encrypted or not so I've tried
to decrypt objects within unencrypted folders (which is
another wierd thing: throughout the course of all this,
some objects decrypted, some folders as well as some
files/objects with no discernable permission or EFSINFO
differences from objects that will not decrypt).

Thoughts????

---

• Next message: TERRY GOODENOUGH: "Explorer.exe faulting"
• Previous message: Julio Duarte: "PC user names"
• Next in thread: Peter Clark: "Continuing Problems decrypting EFS objects"
• Reply: Peter Clark: "Continuing Problems decrypting EFS objects"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: NTFS Security Question. ... A subordinate object DOES not inherit the PARENT perms (in ... will assume "Nebulous" permissions that refer to the LINK ... The trick is to PROPOGATE to all FILES (not Folders and Files - that would ... Since Windows 2000 deny NTFS permission does not work ... (microsoft.public.windowsxp.security_admin) RE: ISA 2004 REPORT FAILURE ... Did as you suggested and turned auditing on for the system and folders ... that is setting the wrong permissions of the folders ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs) RE: ISA 2004 REPORT FAILURE ... the ISA Reports still fail because ... I can change the permissions manually ... on the ISALogs and ISASummaries folders ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: Personal Media Drive ... > much more knowledgeable about Windows than I am. ... You restrict access by assigning permissions to drives, folders and files. ... (microsoft.public.windows.mediacenter) Re: Administrator/User security issues ... i have setup all the accounts, ... folders for testing the security. ... permissions but the admin. ... (microsoft.public.windowsxp.security_admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)