Re: HELP
- From: "Medo_in_Egypt" <MedoinEgypt@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 7 Sep 2005 15:16:03 -0700
Many thanks for your reply,
Please see these answer , and Please Please Give me Hand & try to Help me .
1- Unless that user had previously backed up his EFS private key to a
password
protected .pfx .
The Annswer is :-
( No, But Can you Tell me how i can do that in the Future, so i can Plan For
it , with my team, How i backup it & How Can I restore it , Can you Please
Explain More to me ).
----------------------------------------------------------------------------------------------
2- or you had configured a Recovery Agent for all the workgroup
> computers
The Answer is :-
( No, and Actually i do not know how to do it, i will be very gald for you ,
if you send me the Link to start from the scratch to guide me through it ).
------------------------------------------------------------------------------------------------
3- you have the EFS private key for the Recovery agent in a .pfx
> file or installed on another computer
The Answer is :-
( No, Can you tell me how to do it ).
------------------------------------------------------------------------------------------------
4- From Where can i Download this Toll ( utility efsinfo ) , How can i use
it .
------------------------------------------------------------------------------------------------
5- No i Do not have at all Copy from the user Profile At all, & if i want to
copy it, should first i login to the PC with ontehr user Profile & then
Enable all the Hide Files
in the C, then Choose Documents and settings, then choose the user Profile,
than the one which i login with it, and then copy it, is that correct?
if so, how can i restor it to another user Profile, in order to do that , or
using the Private Key ,
I am so sorry for that , But i really need your help in that issue ,
Medo.
( medo_withu@xxxxxxxxx).
"Steven L Umbach" wrote:
> Unless that user had previously backed up his EFS private key to a password
> protected .pfx or you had configured a Recovery Agent for all the workgroup
> computers and you have the EFS private key for the Recovery agent in a .pfx
> file or installed on another computer then you will never be able to access
> those files. You can use the utility efsinfo to see what user and Recovery
> Agents [if any] can decrypt the files along with thumbprint info for the
> certificates that were used to encrypt the files. The users private key for
> EFS is stored in the users profile which was destroyed during the format of
> the system drive and is the reason you can not access the files. If you have
> a backup copy of the users profile from a time after the files were
> encrypted then you may be able to access the EFS files if the password for
> the user account is known. To do such you would have to do a paid support
> call to Microsoft [$250 or so I believe] or try the software from ElcomSoft
> to attempt to recover the private key. ElcomSoft has a free trial download
> that can decrypt only small files if the users private key is found and the
> user password is known. EFS is like a double edged sword as you have found
> out if proper precautions are not made to protect legitimate access to data.
> The links below may help. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
> best practices.
> http://www.elcomsoft.com/aefsdr.html --- Link to ElcomSoft
> http://tinyurl.com/a6bml --- EFS data recovery.
>
>
> "Medo_in_Egypt" <MedoinEgypt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:7B10FC01-604C-40D7-A8CB-C09CAEAAA0C9@xxxxxxxxxxxxxxxx
> > DEAR ALL,
> >
> > I HAVE SOMETHING HAPPEN TO MY USERS.
> >
> > I HAVE 5 USERS, ALL OF THEM IS UNDER THE SAME WORKGROUP, AND ALL OF THEM
> > IS
> > WINDOWS XP-PRO SP2.
> >
> > THEY ARE IN DIFFERENT WORKGROUP, THAN MY ORIGINAL WORKGROUP, BECAUSE THE 5
> > USERS ARE FROM ANOTHER CONSULTANT COMPANY AND THEY ARE WORKING FOR PERIODE
> > OF
> > 8 MONTHS.
> >
> > ANYWAY, ONE OF THE USERS, HE WAS WORKING ON HIS PC, AND USED TO SAVE HIS
> > FILES - EITHER IF ITS WORD OR EXCEL, ON ONTHER FOLDER.
> >
> > HE USED TO LOGIN TO HIS PC WITH THE USER NAME ( YTR) AND THIS USERS IS
> > FROM
> > ADMINISTRATIVE GORUP.
> >
> > FOR SOME RESOANS, THIS USERS HE MAKE ENCRYPTED FILE SYSTEM OVER THIS
> > FOLDER
> > AND ALL OF THE FILES WHICH IS UNDER THIS FOLDER.
> >
> > AFTER SOMETIME, THIS USERS WE DISCOVER TAHT HE FORMATE HIS PC COMPLETELY ,
> > EXCEPT THE PARTITION WHICH IS INCLUDE HIS FOLDER - THE ONE WHICH WAS
> > ENCRYPTED-.
> >
> > AFTER HE FORMATE HIS PC COMPLETELY, HE CREATE THE SAME USER ON THE MACHINE
> > ,
> > AND THEN HE TRIED TO OPEN THE FILES, NAD HE DISCOVER THAT HE IS UNABLE TO
> > OPEN , AND WINDOWS DISPLAY ERRO MESSAGE THAT INDICATE HE DOES NOT HAVE A
> > COMPLETE PREVILGES .
> >
> > I LOOKED TO PERMISSION AND I FOUND THAT , EVEN THE USER HIM SELF IS HAVE
> > FULL CONTROL OVER THIS FOLDER AND ALSO EVERYONE HAVE THE SAME PERMISSION .
> >
> > HOWVER HE IS UNABLE TO OPEN THE FILE.
> >
> > ONCE I TRIED TO UNCHECK THE MARK FOR EFS, I FOUND THAT ITS DISPLAY ERROR
> > MESSSGAE AND ITS UNABLE TO REMOVE THE ENCRYPTION AND DISPLAY ACCESS
> > DENIED.
> >
> > CAN ANY ONE TELL ME HOW CAN I OPEN THE FILES AND LET ME SEE IT?
> >
> > THE MAIN THING WE FORMATE THE PC COMPLETELY.
> >
> > I DO NOT KNOW IF I AM CORRECT ON THIS PLAN, WHICH IS THE FOLLOWING:-
> >
> > 1- As LONG AS THEY ARE 5 USERS, AND ALL OF THEM ARE UNDER THE SAME
> > WORKGROUP, CAN I COPY THE CERTIFICATE FROMT HE OTHER USER AS WELL AND
> > THEN
> > TRY TO REMOVE THE ENCRIPTION.
> >
> > I WAS TRYING EVEN TO CHANGE THE OWNERSHIP, BUT ITS COULD NOT WORK.
> >
> > PLEASE ADVICE ME .
> >
>
>
>
.
- Follow-Ups:
- Re: HELP
- From: Steven Umbach
- Re: HELP
- Prev by Date: Re: HELP
- Next by Date: Re: Path Rules - Enabled Paths sometime are restricted
- Previous by thread: Re: HELP
- Next by thread: Re: HELP
- Index(es):
Relevant Pages
|
