Re: user does not have acces privileges
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Jun 2006 12:04:39 -0500
There is not any difference in EFS between XP Pro and Windows 2003 that
would matter in your case. Windows 2003 does allow an administrator to
assign ownership to user/group via the Explorer GUI. If you have not seen
the following link yet on EFS best practices be sure to review it and pay
attention to the part about best practice is to enable the encryption
attribute on folders and not individual files. Then create or move files you
want encrypted into the folder. Be sure to try some test files or copies to
make sure you don't loose any needed data. And try Office files with and
without password protection to see if that is a problem. It is also a good
idea to keep clear text backups of your important files on DVD/CDROM stored
securely somewhere.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
The common reasons why a user can not access an EFS encrypted file is
because the user does not have access to the needed private key, the private
key is corrupted, the file is corrupted, the user does not have NTFS proper
permissions to the folder/file, the file has been backed up/restored to an
operating system that does not support the EFS encryption algorithm used
[such as Windows 2000 or XP with no service pack], or the user's password
was "reset" by user or administrator rather than "changed" by the user. You
can use the mmc snapin for user certificate to see if the computer you are
logged onto has a certificate for EFS and it must show that the private key
is available and the thumbprint must match the thumbprint shown for the EFS
file in it's properties/advanced - details.
Steve
"Zorro" <Zorro@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:70028EE3-1352-4461-9B41-2B4DE1DF09E9@xxxxxxxxxxxxxxxx
Dear Steven!
Thank you for trying to help me.
I do agree with you about what you wrote.
BUT.
There is one little thing what you may forgotten to realize in my previous
mail.
I have made another (and since then one more) inaccessible file without
reinstalling the operating system.
I do agree with you when you saying with the reinstallation of the windows
I
have lost the key to that file.
The thing what I can't really understand is how is that possible to do
this
without reinstalling the windows.
I was changing the ownership and those setting and eventually I made
another
two inaccessible file. I understand that without original EFS key I won't
be
able to open the original file but what could be the reason of the
inaccessibility of the new files.
For those I must have the correct EFS key in my computer.
But I still can not open them.
It's interesting.
Now (not because of the info in the original file) but because of
curiosity
I'm planning to set up a computer with Server 2003 and put the harddrive
with
the inaccessible file into that pc. I read an article on the net about
Server
2003 is kind of easier on encryption and ownership so I decided to spend a
little time on this problem.
It is possible at the end I will learn nothing but at least I have tried.
I will be interested of your opinion about trying to play with other
operating systems.
I'm concentrating on the ownership rather than the encryption.
Regards,
Zorro
"Steven L Umbach" wrote:
Well what happens is when you encrypt a file with EFS a certificate and
private key is created for you and stored in your user profile. When you
reinstalled XP if you formatted your system drive then your EFS
certificate/private key was destroyed and unless you made the effort to
backup your EFS certificate/private key to a password protected .pfx file
in
offline media or have an intact copy of your user profile from a time
after
that file was encrypted on the previous operating system there is no way
to
recover that encrypted file since your EFS private key is needed and any
attempts are wasted time since the file is encrypted with 3DES. Wish I
had
better news. --- Steve
"Zorro" <Zorro@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BCFFA034-3E36-4E0F-B8E7-C2590FF3F28B@xxxxxxxxxxxxxxxx
Let's solve the confusion!
1. I made an MS Word file in My Documents
2. Put password on by Tools>Options>Security>Password to open+Password
to
modify+Read only
3. Right click>Properties>Advanced>Encrypt contents to secure data
5. Backup file by copying onto D: drive
4. Harddrive failure (not right after, it was a year later)
5. Windows XP reinstallation
6. I can not open the file anymore, error message: "Word can not open
the
document: user does not have access privileges (D:\...\Bank
details.doc)"
What is interesting:
I made a new file into the same folder with my new Windows.
I was playing with encryption and ownership to find out what was wrong
and
how to fix it.
And interestingly I managed to make the new file behave like the old
ones
(without Windows reinstallation).
Unfortunately I can't remember what have I done exactly but the result
was
same.
After I tried to do this again, this time I wrote every step down, but
I
could not mess it up again (so far).
I'm still playing with this to find out what makes the file
inaccessible
but
I don't have too much time so I will give up soon or later.
I hope the confusions are gone!
Regards,
Zorro
.
- References:
- user does not have acces privileges
- From: Zorro
- Re: user does not have acces privileges
- From: Steven L Umbach
- Re: user does not have acces privileges
- From: Steven L Umbach
- Re: user does not have acces privileges
- From: Zorro
- user does not have acces privileges
- Prev by Date: Re: ipsec session key renegotiation
- Next by Date: Re: Bizzare security behaviour
- Previous by thread: Re: user does not have acces privileges
- Next by thread: Re: Unblocking MS Spyware Blocked Action
- Index(es):
Relevant Pages
|
