Re: Password
- From: "Tim Meddick" <timmeddick@xxxxxxxxx>
- Date: Sun, 9 Aug 2009 00:56:54 +0100
Mine was the only user account on the system - administrator-level.
I changed my own password in "User Accounts" (incidentally, I changed the password
but entered the same password to change it to - I don't know what I was thinking. So
the option to regain access by resetting the password back to the original would not
have worked!).
On subsequent reboot, I got "Access Denied".
BTW - I had backed up my encryption keys but, after doing loads of online research -
couldn't work what to do with it, so gave up on the lost data.
What I couldn't work out was if I could regain access to my files using just the
backed-up keys, but got the impression from what I read, that I needed to have made
myself the "Recovery Agent" beforehand (???)
==
Cheers, Tim Meddick, Peckham, London. :-)
"Shenan Stanley" <newshelper@xxxxxxxxx> wrote in message
news:eWTnFEIGKHA.2516@xxxxxxxxxxxxxxxxxxxxxxx
Ed Duarte wrote:
How do I change my password at startup?
Tim Meddick wrote:
You provide so little information....
But, a word of warning -
If you are running XP Professional, and have and use ENCRYPTION on
any files (when they show-up as "green" in Explorer) - changing
your password makes all your encrypted files INACCESSIBLE with not
much chance of recovery....
BillW50 wrote:
Is this true of those update uninstall folders in the Windows folder
too? Those are just compressed, not encrypted right?
Shenan Stanley wrote:
Default colors:
Blue: Compressed.
Green: Encrypted.
Not everyone's $NT folders/containing files are compressed. Unless
they do it themselves (or someone with that right does it on the
computer) - they are not encrypted.
You can change your password yourself (logged in as the user and
doing it properly for your own account) and not mess up your access
to your encrypted files. However - if you the password is changed
by another system administrator or hacked some other way - without
the proper backups of the certificates and private keys, yes - all
is basically lost. :-/
Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316
And for the OP, again, but with just as much assumption involved as
anything else...
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_password_change.mspx
http://pcsupport.about.com/od/tipstricks/ht/chgpassxp.htm
Tim Meddick wrote:
Shenan,
changing the current user's password from within their
own profile will not prevent the encryption keys from being changed
and thereby loose access to any encrypted files that user has.
The way your post read gave the impression that's all they had to
do to preserve access to their encrypted files.
I had the unfortunate experience of finding out the hard way, I
changed my password (I was an administrator-level account) from
within the 'User Accounts' control panel and subsequently all my
encrypted files were "Access Denied"....
The Encrypting File System
http://technet.microsoft.com/en-us/library/cc700811.aspx
"For Windows XP and Windows Server 2003 local accounts, a password reset disk can
be used to safely reset a user's password. (Domain passwords cannot be reset using
the disk.) If an administrator uses the "reset password" option from the user's
account in the Computer Management console users container, EFS files won't be
accessible. If users change the password back to the previous password, they can
regain access to encrypted files."
I haven't worked with EFS in a while, so you may be correct - but I recall that if
a user logs in as themself and then changes their own password (workgroup
environment, not domain - that complicates things) they will not lose asccess to
their own encrypted files. Although, again, I should point out they would be
unwise if the do not follow the Best Practices I linked to previously.
EFS, Credentials, and Private Keys from Certificates Are Unavailable After a
Password Is Reset
http://support.microsoft.com/kb/290260
*Note: "This issue can occur if the password was forcefully reset by an
administrator or owner, instead of being changed by the user."
So are you saying you changed your password using these steps (not in a domain):
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_password_change.mspx
and you lost access to your encrypted files?
Or are you saying you reset another user's account (another user on the computer)
password and that user account subsequently lost access to their encrypted files
(as would be expected and pointed out in many documents - including the message you
get when resetting a users password in that manner0?
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
.
- References:
- Password
- From: Ed Duarte
- Re: Password
- From: Tim Meddick
- Re: Password
- From: BillW50
- Re: Password
- From: Shenan Stanley
- Re: Password
- From: Tim Meddick
- Re: Password
- From: Shenan Stanley
- Password
- Prev by Date: Duplicate Folders
- Next by Date: windows explorer error
- Previous by thread: Re: Password
- Next by thread: Password
- Index(es):
Relevant Pages
|
