Re: EFS / moving files
From: Don (donchanger_at_yahoo.com)
Date: 07/13/04
- Next message: Colin Nash [MVP]: "Re: Username/password"
- Previous message: Cable Guy: "Re: I started network trouble at work"
- In reply to: Matthew Mucker [MSFT]: "RE: EFS / moving files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 12 Jul 2004 17:22:16 -0700
Thanks for the reply, but it appears to me that #2 does not in fact
work.
I did in fact return to my office and exported both the certificate
and the private key. I then imported them (not understanding exactly
the difference between them, I tried importing just one, then the
other, then both) and tried accessing the files again. I did get
further, now being able to see the names of sub-folders within the
encrypted folder, but still could not copy or open individual files.
However, now the error message was something along the lines of
"Access is denied", and because I was now getting further than before,
I surmised that perhaps this was an ownership issue, not an encryption
issue.
So, I tried to take ownership of the folder in question (turn off
simple security then change owner on security tab). XP proceeded as
if it was in fact changing the owner for every folder and sub-folder
(and it took some time), but still when I tried to open an individual
file, no joy. If I understand correctly, Drive Image 7 provides
access to its image files by mounting a virtual volume, and I think
that this "drive" is read-only but may not "tell" XP that it is
read-only, so when XP attempted to change ownership, it had no way of
knowing that it could not actually write those changes (this assumes
that XP actually writes something to an NTFS drive when it changes
ownership, something that sounds reasonable to me but about which I
know nothing).
So, I guess if my assumptions are correct, my question becomes: is it
possible to change ownership of files and folders on a read-only NTFS
volume (I do have the certificate and private key under which they
were encrypted, and of course the name and password for the owner
under which they were created, plus adminstrative rights on the
computer in which the "drive" is now "installed")?
A related question: is it redundant and a complete waste to encrypt a
folder and also to mark it as private (I am guessing here that if I
had left the original folder encrypted but not private, I'd now have
access to it)?
Thanks for any thoughts,
Don Changer
mattmu@online.microsoft.com (Matthew Mucker [MSFT]) wrote in message news:<5xWNJoCaEHA.2804@cpmsftngxa06.phx.gbl>...
> Don,
>
> Option 2 should work.
>
> Just make sure that when you export the certificate, you select the option
> to export the private key.
>
> -Matt
>
> ===
> This posting is provided "AS IS" with no warranties, and confers no rights.
> --------------------
> >From: donchanger@yahoo.com (Don)
> >Newsgroups: microsoft.public.windowsxp.security_admin
> >Subject: EFS / moving files
> >Date: 10 Jul 2004 09:05:52 -0700
> >Organization: http://groups.google.com
> >Lines: 36
> >Message-ID: <1efafbf2.0407100805.5fc20649@posting.google.com>
> >NNTP-Posting-Host: 68.48.200.56
> >Content-Type: text/plain; charset=ISO-8859-1
> >Content-Transfer-Encoding: 8bit
> >X-Trace: posting.google.com 1089475552 13280 127.0.0.1 (10 Jul 2004
> 16:05:52 GMT)
> >X-Complaints-To: groups-abuse@google.com
> >NNTP-Posting-Date: Sat, 10 Jul 2004 16:05:52 +0000 (UTC)
> >Path:
> cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!news-out.cwix.com!newsfeed.cwix.co
> m!border1.nntp.dca.giganews.com!nntp.giganews.com!news.glorb.com!postnews2.g
> oogle.com!not-for-mail
> >Xref: cpmsftngxa06.phx.gbl microsoft.public.windowsxp.security_admin:133981
> >X-Tomcat-NG: microsoft.public.windowsxp.security_admin
> >
> >I think I blew it but maybe not?
> >
> >I am on a working vacation with my family, about a 2 hour drive from
> >my office. I took with me a disk image (Drive Image) of important
> >work. Unfortunately, one of the folders is encrypted using Windows
> >EFS and I forgot to decrypt the folder before making the image and it
> >refuses to allow me to restore files from that folder.
> >
> >The options I have thought of are:
> >
> >1. Drive back to my office, decrypt, and re-image (or just archive
> >the drive by copying straight to DVD);
> >
> >2. Drive back to my office and export the certificate (or just pick
> >up the floppy-archive version of the certificate that is safe and
> >sound - in my office!) and then see if I can import it onto my laptop
> >and then access the folder (however, Drive Image "mounts" the image as
> >a drive and what little I have read about importing certificates often
> >says that it won't work with "dynamic" drives so is a "mounted" drive
> >the same as a "dynamic" drive?);
> >or
> >
> >3. See whether someone not nearly as dumb as me has a better idea. I
> >have available to me a laptop with NTFS and XP Pro, and I do of course
> >know the username and password of the account under which the files
> >were encrypted. I presume that just creating an account of the same
> >name and using the same password on another machine will not gain me
> >access - right?
> >
> >I might consider paying for a utility that I could download that would
> >save me a good chunk of a day on the road. Sheesh - I should have
> >known better.
> >
> >Does anyone have any thoughts? I would be most grateful.
> >
> >Thanks, Don Changer
> >
- Next message: Colin Nash [MVP]: "Re: Username/password"
- Previous message: Cable Guy: "Re: I started network trouble at work"
- In reply to: Matthew Mucker [MSFT]: "RE: EFS / moving files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
