Re: How to get full access to all contents?
From: Dmitriy Kopnichev (kopn_at_hotbox.ru)
Date: 10/30/03
- Next message: Dmitriy Kopnichev: "Re: How to get full access to all contents?"
- Previous message: msmerlot \(temporary\) _at_calis.com: "Pop Ups"
- In reply to: Roger Abell: "Re: How to get full access to all contents?"
- Next in thread: Roger Abell: "Re: How to get full access to all contents?"
- Reply: Roger Abell: "Re: How to get full access to all contents?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Oct 2003 09:44:52 +0300
I haven't removed any account.
Isn't the "ME$(ME$@workgroup)" a user account? I used not the cipher, but
"Encryption Details for" the file window in "Advanced Attributes" of the
file window. I saved a Private key to a .pfx file before I was joined the
domain and my computer was renamed by the domain administrators.
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:ONH1y$onDHA.1408@TK2MSFTNGP11.phx.gbl...
> You may own the machine and the files may be yours,
> but if it is encrypted and you cannot prove to the system
> that you are supposed to be able to decrypt it then it will
> not let you.
>
> The only way to prove that you are supposed to be able
> to access the EFS encrypted file is to use an account that
> has loaded into it the decryption key that corresponds to
> the certificate that was used to encrypt the file.
>
> When you renamed the machine, apparently starting down
> the road of denied access, something seems to have removed
> that capability. When you used cipher to look at the file it
> said that there was no user account allowed to decrypt it,
> instead indicating the machine was allowed to decrypt it.
> That, assuming you have reported accurately what you saw,
> is something with which I am unfamiliar, either as to why it
> got that way or how to get out of that situation.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> news:emNMRrjnDHA.2772@TK2MSFTNGP12.phx.gbl...
> > This is my file. I'm the only computer owner.
> > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > news:#zBS$oUnDHA.2776@tk2msftngp13.phx.gbl...
> > > code 5 is probably access failure
> > > in this case since you do not have EFS capability to decrypt
> > > you are not allowed to modify who can decrypt
> > >
> > > --
> > > Roger Abell
> > > Microsoft MVP (Windows Server System: Security)
> > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > news:%23hNgtVSnDHA.2628@TK2MSFTNGP10.phx.gbl...
> > > > I tried to add myself and/or another user to "Users Who Can
> > Transparently
> > > > Access this File" and got an error
> > > > "ERSADU
> > > > Error in adding new user(s). Error code 5."
> > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > > news:ehWd8qOnDHA.1764@tk2msftngp13.phx.gbl...
> > > > > When you look at the file's properties Security dialog
> > > > > is anything checked for any group in the Deny column ?
> > > > > You must highlight each group listed one at a time and
> > > > > then look at what is Granted/Denied.
> > > > > An account that is only in Administrators group is
> > > > > actually also in other things to which there can be
> > > > > NTFS Grants/Denies, like Authenticated Users,
> > > > > Network, Interactive, Everyone. . . .
> > > > > Not having EFS authorization appears as if it is a
> > > > > NTFS permissions denial. You should use the cipher
> > > > > commandline utility to examine the thumbprint info of
> > > > > the file to see what accounts are allowed to decrypt it.
> > > > >
> > > > > --
> > > > > Roger Abell
> > > > > Microsoft MVP (Windows Server System: Security)
> > > > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > > news:eykgm5MnDHA.2848@TK2MSFTNGP10.phx.gbl...
> > > > > > How to become sure that there is no Deny for any group. The file
> is
> > > EFS
> > > > > > protected. But I can open other EFS protected files.
> > > > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > > > > news:##sRquJnDHA.1084@tk2msftngp13.phx.gbl...
> > > > > > > This means that you have full control and it is inherited from
> > > > > > > some higher directory.
> > > > > > > Are you sure that there is no Deny for some group, and if
> > > > > > > there is make sure your account is not a member of the group.
> > > > > > > Deny overrides a Grant.
> > > > > > >
> > > > > > > --
> > > > > > > Roger Abell
> > > > > > > Microsoft MVP (Windows Server System: Security)
> > > > > > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > > > > news:um7vwqGnDHA.2080@TK2MSFTNGP10.phx.gbl...
> > > > > > > > I'm the Owner of the file and have full access, but the
> > "Effective
> > > > > > > > permissions" are all checked and grayed for me.
> > > > > > > > "Kelly" <kelly@mvps.org> wrote in message
> > > > > > > > news:eCVc2iGnDHA.2000@TK2MSFTNGP12.phx.gbl...
> > > > > > > > > Without knowing more, see if this helps:
> > > > > > > > >
> > > > > > > > > EXE and LNK Fix for Windows XP - Line 12
> > > > > > > > > http://www.kellys-korner-xp.com/xp_tweaks.htm
> > > > > > > > >
> > > > > > > > > To use the Regedit: Save the REG File to your hard disk.
> > Double
> > > > > click
> > > > > > > it
> > > > > > > > > and answer yes to the import prompt. REG files can be
viewed
> > in
> > > > > > Notepad
> > > > > > > by
> > > > > > > > > right clicking on the file and selecting Edit.
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > All the Best,
> > > > > > > > > Kelly
> > > > > > > > >
> > > > > > > > > MS-MVP Win98/XP
> > > > > > > > > [AE-Windows® XP]
> > > > > > > > >
> > > > > > > > > Troubleshooting Windows XP
> > > > > > > > > http://www.kellys-korner-xp.com
> > > > > > > > >
> > > > > > > > > Top 10 Frequently Asked Questions and Answers
> > > > > > > > > http://www.kellys-korner-xp.com/top10faqs.htm
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > > > > > > news:uRnCDcGnDHA.1096@TK2MSFTNGP11.phx.gbl...
> > > > > > > > > > Hello
> > > > > > > > > > I get "Windows cannot access the specified device, path,
> or
> > > > file.
> > > > > > You
> > > > > > > > may
> > > > > > > > > > not have appropriate permissions to access the item."
when
> I
> > > > > > > > double-click
> > > > > > > > > a
> > > > > > > > > > file. I'm the only owner of the computer. How to get
full
> > > access
> > > > > to
> > > > > > > all
> > > > > > > > > > contents?
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Dmitriy Kopnichev: "Re: How to get full access to all contents?"
- Previous message: msmerlot \(temporary\) _at_calis.com: "Pop Ups"
- In reply to: Roger Abell: "Re: How to get full access to all contents?"
- Next in thread: Roger Abell: "Re: How to get full access to all contents?"
- Reply: Roger Abell: "Re: How to get full access to all contents?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
