Re: HELP
- From: "Steven Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 8 Sep 2005 00:31:28 -0500
>From the information in your post there is no way that you can access those
encrypted files. I wish I had better news but file encryption is meant to
protect access to the files from anyone that does not have the private key for
the user or the Recovery Agent. In order to use a user profile to extract the
users private key you would need to have a backed up copy from the old operating
system which you indicate you can not. A Recovery Agent would need to have been
configured before the files were encrypted. The links below should answer all
your questions. If you still have questions after reading them let me
w. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316&sd=tech --- EFS
best practices
http://support.microsoft.com/default.aspx?scid=kb;en-us;887414 --- EFS RA
http://support.microsoft.com/default.aspx?scid=kb;en-us;241201 ---- how to
backup RA key
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx --- EFS
white paper
"Medo_in_Egypt" <MedoinEgypt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:29058EBC-60D3-4AE0-9B1F-F82D7D458C24@xxxxxxxxxxxxxxxx
> Many thanks for your reply,
>
> Please see these answer , and Please Please Give me Hand & try to Help me .
>
> 1- Unless that user had previously backed up his EFS private key to a
> password
> protected .pfx .
>
> The Annswer is :-
>
> ( No, But Can you Tell me how i can do that in the Future, so i can Plan For
> it , with my team, How i backup it & How Can I restore it , Can you Please
> Explain More to me ).
> ------------------------------------------------------------------------------
----------------
>
> 2- or you had configured a Recovery Agent for all the workgroup
> > computers
>
> The Answer is :-
>
> ( No, and Actually i do not know how to do it, i will be very gald for you ,
> if you send me the Link to start from the scratch to guide me through it ).
>
> ------------------------------------------------------------------------------
------------------
>
> 3- you have the EFS private key for the Recovery agent in a .pfx
> > file or installed on another computer
>
> The Answer is :-
>
> ( No, Can you tell me how to do it ).
>
> ------------------------------------------------------------------------------
------------------
>
> 4- From Where can i Download this Toll ( utility efsinfo ) , How can i use
> it .
>
> ------------------------------------------------------------------------------
------------------
>
> 5- No i Do not have at all Copy from the user Profile At all, & if i want to
> copy it, should first i login to the PC with ontehr user Profile & then
> Enable all the Hide Files
> in the C, then Choose Documents and settings, then choose the user Profile,
> than the one which i login with it, and then copy it, is that correct?
>
> if so, how can i restor it to another user Profile, in order to do that , or
> using the Private Key ,
>
>
> I am so sorry for that , But i really need your help in that issue ,
>
> Medo.
>
> ( medo_withu@xxxxxxxxx).
>
>
>
>
> "Steven L Umbach" wrote:
>
> > Unless that user had previously backed up his EFS private key to a password
> > protected .pfx or you had configured a Recovery Agent for all the workgroup
> > computers and you have the EFS private key for the Recovery agent in a .pfx
> > file or installed on another computer then you will never be able to access
> > those files. You can use the utility efsinfo to see what user and Recovery
> > Agents [if any] can decrypt the files along with thumbprint info for the
> > certificates that were used to encrypt the files. The users private key for
> > EFS is stored in the users profile which was destroyed during the format of
> > the system drive and is the reason you can not access the files. If you have
> > a backup copy of the users profile from a time after the files were
> > encrypted then you may be able to access the EFS files if the password for
> > the user account is known. To do such you would have to do a paid support
> > call to Microsoft [$250 or so I believe] or try the software from ElcomSoft
> > to attempt to recover the private key. ElcomSoft has a free trial download
> > that can decrypt only small files if the users private key is found and the
> > user password is known. EFS is like a double edged sword as you have found
> > out if proper precautions are not made to protect legitimate access to data.
> > The links below may help. --- Steve
> >
> > http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
> > best practices.
> > http://www.elcomsoft.com/aefsdr.html --- Link to ElcomSoft
> > http://tinyurl.com/a6bml --- EFS data recovery.
> >
> >
> > "Medo_in_Egypt" <MedoinEgypt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:7B10FC01-604C-40D7-A8CB-C09CAEAAA0C9@xxxxxxxxxxxxxxxx
> > > DEAR ALL,
> > >
> > > I HAVE SOMETHING HAPPEN TO MY USERS.
> > >
> > > I HAVE 5 USERS, ALL OF THEM IS UNDER THE SAME WORKGROUP, AND ALL OF THEM
> > > IS
> > > WINDOWS XP-PRO SP2.
> > >
> > > THEY ARE IN DIFFERENT WORKGROUP, THAN MY ORIGINAL WORKGROUP, BECAUSE THE 5
> > > USERS ARE FROM ANOTHER CONSULTANT COMPANY AND THEY ARE WORKING FOR PERIODE
> > > OF
> > > 8 MONTHS.
> > >
> > > ANYWAY, ONE OF THE USERS, HE WAS WORKING ON HIS PC, AND USED TO SAVE HIS
> > > FILES - EITHER IF ITS WORD OR EXCEL, ON ONTHER FOLDER.
> > >
> > > HE USED TO LOGIN TO HIS PC WITH THE USER NAME ( YTR) AND THIS USERS IS
> > > FROM
> > > ADMINISTRATIVE GORUP.
> > >
> > > FOR SOME RESOANS, THIS USERS HE MAKE ENCRYPTED FILE SYSTEM OVER THIS
> > > FOLDER
> > > AND ALL OF THE FILES WHICH IS UNDER THIS FOLDER.
> > >
> > > AFTER SOMETIME, THIS USERS WE DISCOVER TAHT HE FORMATE HIS PC COMPLETELY ,
> > > EXCEPT THE PARTITION WHICH IS INCLUDE HIS FOLDER - THE ONE WHICH WAS
> > > ENCRYPTED-.
> > >
> > > AFTER HE FORMATE HIS PC COMPLETELY, HE CREATE THE SAME USER ON THE MACHINE
> > > ,
> > > AND THEN HE TRIED TO OPEN THE FILES, NAD HE DISCOVER THAT HE IS UNABLE TO
> > > OPEN , AND WINDOWS DISPLAY ERRO MESSAGE THAT INDICATE HE DOES NOT HAVE A
> > > COMPLETE PREVILGES .
> > >
> > > I LOOKED TO PERMISSION AND I FOUND THAT , EVEN THE USER HIM SELF IS HAVE
> > > FULL CONTROL OVER THIS FOLDER AND ALSO EVERYONE HAVE THE SAME PERMISSION .
> > >
> > > HOWVER HE IS UNABLE TO OPEN THE FILE.
> > >
> > > ONCE I TRIED TO UNCHECK THE MARK FOR EFS, I FOUND THAT ITS DISPLAY ERROR
> > > MESSSGAE AND ITS UNABLE TO REMOVE THE ENCRYPTION AND DISPLAY ACCESS
> > > DENIED.
> > >
> > > CAN ANY ONE TELL ME HOW CAN I OPEN THE FILES AND LET ME SEE IT?
> > >
> > > THE MAIN THING WE FORMATE THE PC COMPLETELY.
> > >
> > > I DO NOT KNOW IF I AM CORRECT ON THIS PLAN, WHICH IS THE FOLLOWING:-
> > >
> > > 1- As LONG AS THEY ARE 5 USERS, AND ALL OF THEM ARE UNDER THE SAME
> > > WORKGROUP, CAN I COPY THE CERTIFICATE FROMT HE OTHER USER AS WELL AND
> > > THEN
> > > TRY TO REMOVE THE ENCRIPTION.
> > >
> > > I WAS TRYING EVEN TO CHANGE THE OWNERSHIP, BUT ITS COULD NOT WORK.
> > >
> > > PLEASE ADVICE ME .
> > >
> >
> >
> >
.
- Prev by Date: Re: automatically installing shared printer
- Next by Date: Re: Path Rules - Enabled Paths sometime are restricted
- Previous by thread: Re: HELP
- Next by thread: Re: Group Policy not applied after reboot (intermittent)
- Index(es):
Relevant Pages
|
