Re: Another EFS riddle
From: Jay S. (jayschwitz_at_rocketmail.com)
Date: 11/18/03
- Next message: purna thota: "pagefile.sys"
- Previous message: Vivian Takagaki: "shared folder privilages"
- In reply to: Roger Abell: "Re: Another EFS riddle"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 18 Nov 2003 11:05:04 -0800
I've been researching the same (or at least similar) issue with XP's
EFS on an NT4 domain. I found this SAIC page very enlightening:
https://ess.saic.com/xp-encryption.html. My remainng question is:
does Microsoft have a similar workaround 9either procedural or patch)
that I could use? Not anxious to just throw 3rd party patches to the
OS on left and right? Any thoughts or other insight?
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message news:<eHntUXtpDHA.2820@TK2MSFTNGP10.phx.gbl>...
> But did you change the password ?
>
> If you log in with a non-admin account and change the
> account's password you need to provide the old and
> new passwords. Doing this will not bread EFS access.
> If you log in with an admin account you have two ways
> to change the password - I think one is termed reset the
> password and does not require the old password. An
> admin account has this password reset available on all
> accounts. If this interface is used to reset a password,
> of the account itself or another, then the EFS access will
> be disabled.
> You should try using the efsinfo.exe utility from the
> optional support tools install (on product CD in the
> support\tools directory). This will allow you to see
> the thumbprints of the different certificates and for the
> files you cannot access, and from this you will be able
> to determine which EFS cert/key should be in your
> Certificates snap-in displayed storage.
> Whenever you remove one of the excess certificate/key
> pairs, be certain that you first export them to file so that
> you have a route back by importing if needed.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "TJE" <TJE@cadwalk removeme.com> wrote in message
> news:9Sqrb.4955$pS2.4818@news.get2net.dk...
> > Hello Roger!
> >
> > Thanks for your answer!
> >
> > Yes, same account, password and machine... I have quite a few different
> EFS
> > cert/keys in the certificates snapin, so I don't know which one it is, but
> > it must be there somewhere, as AEFSDR and EFS Key reports. What is the
> admin
> > tool for the account?
> >
> > What do you mean by 'with the interface that all accounts have rather than
> > the reset interface that only admin accounts have.' ?? I haven't changed
> the
> > interface, and I didn't use the administrator account to encrypt the
> > folders, just my usual account.
> >
> > I did mess around with some StyleXp program, and it has left some sort of
> > certificate, but surely that has nothing to do with EFS?
> >
> > Thanks again,
> >
> > /Thomas
> >
> >
> > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > news:Otjit1gpDHA.2304@TK2MSFTNGP11.phx.gbl...
> > > Same account, same machine, EFS encrypted files
> > > always only on that machine.
> > > EFS cert/key still shows in Certificates admin tool
> > > for the account.
> > > Right?
> > > Account still has same password as before ?
> > > If not, try changing it back, and next time change it
> > > with the interface that all accounts have rather than
> > > the reset interface that only admin accounts have.
> > > If that is not it, post back
> > >
> > > --
> > > Roger Abell
> > > Microsoft MVP (Windows Server System: Security)
> > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > "TJE" <TJE@cadwalk removeme.com> wrote in message
> > > news:F_3rb.4476$4R4.1958@news.get2net.dk...
> > > > Hello!
> > > >
> > > > Yep, ok, another EFS ****-up!
> > > >
> > > > I have recently encrypted a folder on my harddrive, and of course, I
> forgot
> > > > to export the certificate/key. I running XP sp1, and nothing has
> changed
> > > > since I encrypted the files, login/user is still the same, only a few
> > > > windows updates...
> > > >
> > > > Something obviously went wrong, since I cannot read the files now.
> > > >
> > > > I messed around with the certificates snap-in, and probably made a
> mess,
> but
> > > > I've tried AEFSDR and EFS Key, and they both tell me that the files
> are
> > > > decryptable, but since they're only demos, they'll only show the first
> few
> > > > bytes of the files...
> > > >
> > > > What can I do to use this information, and gain access to the files
> again?
> > > >
> > > > Thank a lot!!!
> > > >
> > > >
> > >
> > >
> >
> >
- Next message: purna thota: "pagefile.sys"
- Previous message: Vivian Takagaki: "shared folder privilages"
- In reply to: Roger Abell: "Re: Another EFS riddle"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
