Re: How to get full access to all contents?
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 10/31/03
- Next message: Iskandar Taib: "Cloning XP setups (followup)"
- Previous message: Shenan T. Stanley: "Re: Guest Account Issues"
- In reply to: Dmitriy Kopnichev: "Re: How to get full access to all contents?"
- Next in thread: Dmitriy Kopnichev: "Re: How to get full access to all contents?"
- Reply: Dmitriy Kopnichev: "Re: How to get full access to all contents?"
- Reply: Dmitriy Kopnichev: "Re: How to get full access to all contents?"
- Reply: Dmitriy Kopnichev: "Re: How to get full access to all contents?"
- Reply: Dmitriy Kopnichev: "Re: How to get full access to all contents?"
Date: Thu, 30 Oct 2003 21:01:22 -0700
While logged in as an admin, schedule a cmd prompt
to open in a couple minutes using task scheduler.
When the cmd prompt opens, it is running as System
(which is the local identity known to the domain
as machinename$).
There is no way I know of to actually log in as that
account, as you do not know the password.
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
news:e2UtwhunDHA.2820@TK2MSFTNGP10.phx.gbl...
> Importing the saved key didn't help. How to logon to the
> "ME$(ME$@workgroup)" account?
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:%23z6kXntnDHA.1708@TK2MSFTNGP12.phx.gbl...
> > NG list trimmed to security_admin
> >
> > Have you yet tried importing the key that was saved into
> > an account? When doing this, it will give you the option
> > to have it prompt you whenever it is used, or to just do it.
> > You must select for it to just do it without prompting.
> > Account names like ME$ are usually the machine account
> > that represents the machine as a member in the domain.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Server System: Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > news:uUKcBFrnDHA.424@TK2MSFTNGP10.phx.gbl...
> > > I haven't removed any account.
> > > Isn't the "ME$(ME$@workgroup)" a user account? I used not the cipher, but
> > > "Encryption Details for" the file window in "Advanced Attributes" of the
> > > file window. I saved a Private key to a .pfx file before I was joined the
> > > domain and my computer was renamed by the domain administrators.
> > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > news:ONH1y$onDHA.1408@TK2MSFTNGP11.phx.gbl...
> > > > You may own the machine and the files may be yours,
> > > > but if it is encrypted and you cannot prove to the system
> > > > that you are supposed to be able to decrypt it then it will
> > > > not let you.
> > > >
> > > > The only way to prove that you are supposed to be able
> > > > to access the EFS encrypted file is to use an account that
> > > > has loaded into it the decryption key that corresponds to
> > > > the certificate that was used to encrypt the file.
> > > >
> > > > When you renamed the machine, apparently starting down
> > > > the road of denied access, something seems to have removed
> > > > that capability. When you used cipher to look at the file it
> > > > said that there was no user account allowed to decrypt it,
> > > > instead indicating the machine was allowed to decrypt it.
> > > > That, assuming you have reported accurately what you saw,
> > > > is something with which I am unfamiliar, either as to why it
> > > > got that way or how to get out of that situation.
> > > >
> > > > --
> > > > Roger Abell
> > > > Microsoft MVP (Windows Server System: Security)
> > > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > news:emNMRrjnDHA.2772@TK2MSFTNGP12.phx.gbl...
> > > > > This is my file. I'm the only computer owner.
> > > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > > > news:#zBS$oUnDHA.2776@tk2msftngp13.phx.gbl...
> > > > > > code 5 is probably access failure
> > > > > > in this case since you do not have EFS capability to decrypt
> > > > > > you are not allowed to modify who can decrypt
> > > > > >
> > > > > > --
> > > > > > Roger Abell
> > > > > > Microsoft MVP (Windows Server System: Security)
> > > > > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > > > news:%23hNgtVSnDHA.2628@TK2MSFTNGP10.phx.gbl...
> > > > > > > I tried to add myself and/or another user to "Users Who Can Transparently
> > > > > > > Access this File" and got an error
> > > > > > > "ERSADU
> > > > > > > Error in adding new user(s). Error code 5."
> > > > > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > > > > > news:ehWd8qOnDHA.1764@tk2msftngp13.phx.gbl...
> > > > > > > > When you look at the file's properties Security dialog
> > > > > > > > is anything checked for any group in the Deny column?
> > > > > > > > You must highlight each group listed one at a time and
> > > > > > > > then look at what is Granted/Denied.
> > > > > > > > An account that is only in Administrators group is
> > > > > > > > actually also in other things to which there can be
> > > > > > > > NTFS Grants/Denies, like Authenticated Users,
> > > > > > > > Network, Interactive, Everyone. . . .
> > > > > > > > Not having EFS authorization appears as if it is a
> > > > > > > > NTFS permissions denial. You should use the cipher
> > > > > > > > commandline utility to examine the thumbprint info of
> > > > > > > > the file to see what accounts are allowed to decrypt it.
> > > > > > > >
> > > > > > > > --
> > > > > > > > Roger Abell
> > > > > > > > Microsoft MVP (Windows Server System: Security)
> > > > > > > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > > > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > > > > > news:eykgm5MnDHA.2848@TK2MSFTNGP10.phx.gbl...
> > > > > > > > > How to become sure that there is no Deny for any group. The file is EFS
> > > > > > > > > protected. But I can open other EFS protected files.
> > > > > > > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > > > > > > > > news:##sRquJnDHA.1084@tk2msftngp13.phx.gbl...
> > > > > > > > > > This means that you have full control and it is inherited from
> > > > > > > > > > some higher directory.
> > > > > > > > > > Are you sure that there is no Deny for some group, and if
> > > > > > > > > > there is make sure your account is not a member of the group.
> > > > > > > > > > Deny overrides a Grant.
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Roger Abell
> > > > > > > > > > Microsoft MVP (Windows Server System: Security)
> > > > > > > > > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > > > > > > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > > > > > > > news:um7vwqGnDHA.2080@TK2MSFTNGP10.phx.gbl...
> > > > > > > > > > > I'm the Owner of the file and have full access, but the "Effective
> > > > > > > > > > > permissions" are all checked and grayed for me.
> > > > > > > > > > > "Kelly" <kelly@mvps.org> wrote in message
> > > > > > > > > > > news:eCVc2iGnDHA.2000@TK2MSFTNGP12.phx.gbl...
> > > > > > > > > > > > Without knowing more, see if this helps:
> > > > > > > > > > > >
> > > > > > > > > > > > EXE and LNK Fix for Windows XP - Line 12
> > > > > > > > > > > > http://www.kellys-korner-xp.com/xp_tweaks.htm
> > > > > > > > > > > >
> > > > > > > > > > > > To use the Regedit: Save the REG File to your hard disk. Double click it
> > > > > > > > > > > > and answer yes to the import prompt. REG files can be viewed in Notepad by
> > > > > > > > > > > > right clicking on the file and selecting Edit.
> > > > > > > > > > > >
> > > > > > > > > > > > --
> > > > > > > > > > > > All the Best,
> > > > > > > > > > > > Kelly
> > > > > > > > > > > >
> > > > > > > > > > > > MS-MVP Win98/XP
> > > > > > > > > > > > [AE-Windows® XP]
> > > > > > > > > > > >
> > > > > > > > > > > > Troubleshooting Windows XP
> > > > > > > > > > > > http://www.kellys-korner-xp.com
> > > > > > > > > > > >
> > > > > > > > > > > > Top 10 Frequently Asked Questions and Answers
> > > > > > > > > > > > http://www.kellys-korner-xp.com/top10faqs.htm
> > > > > > > > > > > >
> > > > > > > > > > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > > > > > > > > > news:uRnCDcGnDHA.1096@TK2MSFTNGP11.phx.gbl...
> > > > > > > > > > > > > Hello
> > > > > > > > > > > > > I get "Windows cannot access the specified device, path, or file. You may
> > > > > > > > > > > > > not have appropriate permissions to access the item." when I double-click a
> > > > > > > > > > > > > file. I'm the only owner of the computer. How to get full access to all
> > > > > > > > > > > > > contents?
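The two checks discussed in the quoted thread (look for Deny entries, then compare the file's EFS thumbprints with the keys loaded in the current account), as an added PowerShell example that is not part of the original posts. `Test-EfsAccess` and the sample path are hypothetical, and the thumbprint parsing assumes `cipher /c` prints each thumbprint as ten space-separated groups of four hex digits.

```powershell
# Added example: separate an NTFS Deny from a missing EFS key when a file reports "access denied".
# Test-EfsAccess is a hypothetical helper name, not a built-in cmdlet.
function Test-EfsAccess {
    param([Parameter(Mandatory)][string]$Path)

    $item      = Get-Item -LiteralPath $Path -Force
    $encrypted = [bool]($item.Attributes -band [IO.FileAttributes]::Encrypted)

    # 1. NTFS: a Deny overrides a Grant, so list every Deny entry with its trustee.
    #    Membership in the listed groups still has to be checked by hand.
    $deny = @((Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        Select-Object IdentityReference, FileSystemRights, IsInherited)

    # 2. EFS: thumbprints of the certificates allowed to decrypt, read from "cipher /c".
    #    Assumption: 40 hex digits printed as groups of four (locale-independent regex).
    $fileThumbs = @()
    if ($encrypted) {
        $fileThumbs = @(cipher.exe /c $item.FullName |
            Select-String -Pattern '(?:[0-9A-Fa-f]{4}\s+){9}[0-9A-Fa-f]{4}' -AllMatches |
            ForEach-Object { $_.Matches } |
            ForEach-Object { ($_.Value -replace '\s', '').ToUpper() } |
            Select-Object -Unique)
    }

    # 3. Certificates in this account's store that actually carry a private key.
    $myThumbs = @(Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.HasPrivateKey } |
        ForEach-Object { $_.Thumbprint.ToUpper() })
    $usable = @($fileThumbs | Where-Object { $myThumbs -contains $_ })

    $diagnosis = if ($encrypted -and $usable.Count -eq 0) {
        'EFS: no private key in this account matches the file; import the saved .pfx'
    } elseif ($deny.Count -gt 0) {
        'NTFS: Deny entries present; check group membership of the account'
    } else {
        'No EFS key mismatch or Deny entry found'
    }

    [pscustomobject]@{
        Path            = $item.FullName
        Encrypted       = $encrypted
        DenyEntries     = $deny
        FileThumbprints = $fileThumbs
        MatchingKeys    = $usable
        Diagnosis       = $diagnosis
    }
}

# Constructed sample path; run as the account that is being refused access.
Test-EfsAccess -Path 'C:\Data\report.doc' | Format-List
```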