Re: Event ID 6032
- From: "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 20 Apr 2007 15:02:12 -0400
So are these files actually on the SBS box, or on the workstation?
Are you sure that you are attempting to decrypt these files while logged in
with the exact same account you encrypted them with? I wonder if you're
having an issue with local versus domain account, or your user account
versus an Admin account.
As I said, ownership doesn't matter to EFS. Unlike regular NTFS
permissions, where the Administrator can take ownership and do whatever
he/she wishes, with EFS, it has to be the Recovery Agent that recovers the
files. The Recovery Agent does not need ownership, but it has to be the
account that holds the Recovery Agent certificate. That should be the
Administrator account by default, but it would not have to be.
If they're on the SBS, what happens if you log in as Administrator and
attempt to open the folder properties and turn off the encryption?
If they're on the workstation, use NT backup to back the whole mess up to a
file. Then log into the SBS with the Administrator account and restore the
NT Backup from the workstation to an empty folder on the SBS. Again, open
the properties and attempt to clear the encryption check box.
Also, if they're on the workstation, what happens if you log in with the
local Administrator account (not the Domain Administrator) and try to clear
the check box?
If none of that works, I'd call PSS (Microsoft Support) and see if they can
sort it out.
"Ian" <Ian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8CD87BF3-E6CE-437D-838B-9403D4A70097@xxxxxxxxxxxxxxxx
Dave -
This is what has me stumped as well. I have done what you said with no
luck. Its really weird.
I made sure I have the recovery agent "Administrator" certificate
installed
as well and I do.
I went to Domain Contrller Security Settings -> Public Key Policies - >
Encrypted File System and the correct recovery key is in there.
I can NOT read, copy or move any of the encrypted files either. All I get
is Access Denied.
I have tried taking ownership as well.
"Dave Nickason [SBS MVP]" wrote:
EFS doesn't care who owns the files. They can only be decrypted by the
person who encrypted them, or by the designated "recovery agent." You
can
see who is the recovery agent by opening the properties of an encrypted
file
(not folder). On the General tab, click Advanced, then Details. That
said,
by default the Administrator account should be the recovery agent.
However,
you should look at the properties of one of the files to be sure.
I'm not clear on what's happening here. You'd normally be able to just
decrypt the files by reversing the process in which you encrypted them.
If
you brought up the properties of the My Documents folder and clicked the
box
to encrypt, you should just be able to un-click the box to decrypt. Or,
if
the files are stored on the server, the Administrator should be able to
decrypt them.
If the files are stored on the workstation, you can log in as
Administrator
and import the recovery agent certificate from the server. Or better
than
have that certificate on a workstation, back up the files and restore
them
on the server. Either way, if Administrator is the recovery agent, that
account should be able to decrypt the files. Then replace the encrypted
versions with the decrypted ones.
Can you read the files normally?
"Ian" <Ian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DC58607C-B9C6-4F53-9A92-DDCA0F8A35B6@xxxxxxxxxxxxxxxx
I have tried that....
This is what has me stumped. I have taken ownership via Administrator
and
still nothing.
I would be happy to give you access to have you try yourself.
"Merv Porter [SBS-MVP]" wrote:
What happens if you log as as a domain administrator and "take
ownership"
of
the specific My Doc folder on the server and then try to decyrpt?
--
Merv Porter [SBS-MVP]
============================
"Ian" <Ian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:21F227B2-A8E3-42D2-9971-5AB7FD88E51E@xxxxxxxxxxxxxxxx
I think... what its referring to is that they way I have the "My
Docuents"
folder mapped.
I mapped it like this instead of allowing SBS to do it .
"\\SERVER\Users\username\My Documents"
I have tried restoring it directly from the server under
Administrator
and
it gives me the same error.
"Ian" wrote:
I made the mistake of Encrypting my My Documents folder on my
Windows
XP
SP1
Workstation. Now when I try to Decrypt the files I get Access
Denied.
The following error is returned on my SBS 2003 Pre SP1 Event Logs.
Can anyone help?
Event Type: Error
Event Source: EFS
Event Category: None
Event ID: 6032
Date: 4/19/2007
Time: 2:37:10 PM
User: N/A
Computer: SERVER
Description:
EFS does not support encryption over network sessions established
using
the
NTLM protocol.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0b 00 09 80 ...?
.
- Follow-Ups:
- Re: Event ID 6032
- From: Merv Porter [SBS-MVP]
- Re: Event ID 6032
- References:
- Re: Event ID 6032
- From: Merv Porter [SBS-MVP]
- Re: Event ID 6032
- From: Ian
- Re: Event ID 6032
- From: Dave Nickason [SBS MVP]
- Re: Event ID 6032
- From: Ian
- Re: Event ID 6032
- Prev by Date: Re: Event ID 6032
- Next by Date: Re: Event ID 6032
- Previous by thread: Re: Event ID 6032
- Next by thread: Re: Event ID 6032
- Index(es):
Relevant Pages
|
