Re: What account can decrypt the file?

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 11/06/03


Date: Wed, 5 Nov 2003 18:33:35 -0700

I believe what efsinfo.exe is saying.
There is an account on each machine, System, that also
is known as the name of the machine with $ at the end
(this is what a domain knows it as).
However, as I recall, you did use the scheduled task trick
and from the cmd windows receive running as System (which
efsinfo say has decrypt capability - something I find wierd)
try using cipher.exe to decrypt the file (right?) and this did
not work. I am stumpted, as it seems you have an encrypted
file with no accounts allowed to decrypt (System does not
really make sense to me).
Out of curiosity, is this an En-Us English version of XP Pro?

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
news:%23dIFBP4oDHA.1096@TK2MSFTNGP11.phx.gbl...
> The efsinfo.exe says:
> Users who can decrypt (the file):
>   NT AUTHORITY\SYSTEM (ME$(ME$@WORKGROUP))
> What account can decrypt the file?
> "Data Recovery Agents For This File As Defined By Recovery Policy" is
> "Administrator" is written in "Encryption Details for" the file window in
> "Advanced Attributes" window.
> The only user Name in "Users Who Can Transparently Access This File" in
> "Encryption Details for" the file is "ME$(ME$@workgroup)". "ME" was my
> computer name before renaming. The renaming was made for joining the
domain.
> "Workgroup" was my workgroup name. There was not a Local user with "ME"
name
> before joining the domain.
>
>