Hello!

Yep, ok, another EFS ****-up!

I have recently encrypted a folder on my harddrive, and of course, I forgot
to export the certificate/key. I running XP sp1, and nothing has changed
since I encrypted the files, login/user is still the same, only a few
windows updates...

Something obviously went wrong, since I cannot read the files now.

I messed around with the certificates snap-in, and probably made a mess, but
I've tried AEFSDR and EFS Key, and they both tell me that the files are
decryptable, but since they're only demos, they'll only show the first few
bytes of the files...

What can I do to use this information, and gain access to the files again?

Thank a lot!!!

Same account, same machine, EFS encrypted files
always only on that machine.
EFS cert/key still shows in Certificates admin tool
for the account.
Right?
Account still has same password as before ?
If not, try changing it back, and next time change it
with the interface that all accounts have rather than
the reset interface that only admin accounts have.
If that is not it, post back

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"TJE" <TJE@cadwalk removeme.com> wrote in message
news:F_3rb.4476$(E-Mail Removed)...
> Hello!
>
> Yep, ok, another EFS ****-up!
>
> I have recently encrypted a folder on my harddrive, and of course, I
forgot
> to export the certificate/key. I running XP sp1, and nothing has changed
> since I encrypted the files, login/user is still the same, only a few
> windows updates...
>
> Something obviously went wrong, since I cannot read the files now.
>
> I messed around with the certificates snap-in, and probably made a mess,
but
> I've tried AEFSDR and EFS Key, and they both tell me that the files are
> decryptable, but since they're only demos, they'll only show the first few
> bytes of the files...
>
> What can I do to use this information, and gain access to the files again?
>
> Thank a lot!!!
>
>

Hello Roger!

Thanks for your answer!

Yes, same account, password and machine... I have quite a few different EFS
cert/keys in the certificates snapin, so I don't know which one it is, but
it must be there somewhere, as AEFSDR and EFS Key reports. What is the admin
tool for the account?

What do you mean by 'with the interface that all accounts have rather than
the reset interface that only admin accounts have.' ?? I haven't changed the
interface, and I didn't use the administrator account to encrypt the
folders, just my usual account.

I did mess around with some StyleXp program, and it has left some sort of
certificate, but surely that has nothing to do with EFS?

Thanks again,

/Thomas


"Roger Abell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Same account, same machine, EFS encrypted files
> always only on that machine.
> EFS cert/key still shows in Certificates admin tool
> for the account.
> Right?
> Account still has same password as before ?
> If not, try changing it back, and next time change it
> with the interface that all accounts have rather than
> the reset interface that only admin accounts have.
> If that is not it, post back
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "TJE" <TJE@cadwalk removeme.com> wrote in message
> news:F_3rb.4476$(E-Mail Removed)...
> > Hello!
> >
> > Yep, ok, another EFS ****-up!
> >
> > I have recently encrypted a folder on my harddrive, and of course, I
> forgot
> > to export the certificate/key. I running XP sp1, and nothing has changed
> > since I encrypted the files, login/user is still the same, only a few
> > windows updates...
> >
> > Something obviously went wrong, since I cannot read the files now.
> >
> > I messed around with the certificates snap-in, and probably made a mess,
> but
> > I've tried AEFSDR and EFS Key, and they both tell me that the files are
> > decryptable, but since they're only demos, they'll only show the first
few
> > bytes of the files...
> >
> > What can I do to use this information, and gain access to the files
again?
> >
> > Thank a lot!!!
> >
> >
>
>

But did you change the password ?

If you log in with a non-admin account and change the
account's password you need to provide the old and
new passwords. Doing this will not bread EFS access.
If you log in with an admin account you have two ways
to change the password - I think one is termed reset the
password and does not require the old password. An
admin account has this password reset available on all
accounts. If this interface is used to reset a password,
of the account itself or another, then the EFS access will
be disabled.
You should try using the efsinfo.exe utility from the
optional support tools install (on product CD in the
support\tools directory). This will allow you to see
the thumbprints of the different certificates and for the
files you cannot access, and from this you will be able
to determine which EFS cert/key should be in your
Certificates snap-in displayed storage.
Whenever you remove one of the excess certificate/key
pairs, be certain that you first export them to file so that
you have a route back by importing if needed.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"TJE" <TJE@cadwalk removeme.com> wrote in message
news:9Sqrb.4955$(E-Mail Removed)...
> Hello Roger!
>
> Thanks for your answer!
>
> Yes, same account, password and machine... I have quite a few different
EFS
> cert/keys in the certificates snapin, so I don't know which one it is, but
> it must be there somewhere, as AEFSDR and EFS Key reports. What is the
admin
> tool for the account?
>
> What do you mean by 'with the interface that all accounts have rather than
> the reset interface that only admin accounts have.' ?? I haven't changed
the
> interface, and I didn't use the administrator account to encrypt the
> folders, just my usual account.
>
> I did mess around with some StyleXp program, and it has left some sort of
> certificate, but surely that has nothing to do with EFS?
>
> Thanks again,
>
> /Thomas
>
>
> "Roger Abell" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Same account, same machine, EFS encrypted files
> > always only on that machine.
> > EFS cert/key still shows in Certificates admin tool
> > for the account.
> > Right?
> > Account still has same password as before ?
> > If not, try changing it back, and next time change it
> > with the interface that all accounts have rather than
> > the reset interface that only admin accounts have.
> > If that is not it, post back
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Server System: Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "TJE" <TJE@cadwalk removeme.com> wrote in message
> > news:F_3rb.4476$(E-Mail Removed)...
> > > Hello!
> > >
> > > Yep, ok, another EFS ****-up!
> > >
> > > I have recently encrypted a folder on my harddrive, and of course, I
> > forgot
> > > to export the certificate/key. I running XP sp1, and nothing has
changed
> > > since I encrypted the files, login/user is still the same, only a few
> > > windows updates...
> > >
> > > Something obviously went wrong, since I cannot read the files now.
> > >
> > > I messed around with the certificates snap-in, and probably made a
mess,
> > but
> > > I've tried AEFSDR and EFS Key, and they both tell me that the files
are
> > > decryptable, but since they're only demos, they'll only show the first
> few
> > > bytes of the files...
> > >
> > > What can I do to use this information, and gain access to the files
> again?
> > >
> > > Thank a lot!!!
> > >
> > >
> >
> >
>
>

I've been researching the same (or at least similar) issue with XP's
EFS on an NT4 domain. I found this SAIC page very enlightening:
https://ess.saic.com/xp-encryption.html. My remainng question is:
does Microsoft have a similar workaround 9either procedural or patch)
that I could use? Not anxious to just throw 3rd party patches to the
OS on left and right? Any thoughts or other insight?

"Roger Abell" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> But did you change the password ?
>
> If you log in with a non-admin account and change the
> account's password you need to provide the old and
> new passwords. Doing this will not bread EFS access.
> If you log in with an admin account you have two ways
> to change the password - I think one is termed reset the
> password and does not require the old password. An
> admin account has this password reset available on all
> accounts. If this interface is used to reset a password,
> of the account itself or another, then the EFS access will
> be disabled.
> You should try using the efsinfo.exe utility from the
> optional support tools install (on product CD in the
> support\tools directory). This will allow you to see
> the thumbprints of the different certificates and for the
> files you cannot access, and from this you will be able
> to determine which EFS cert/key should be in your
> Certificates snap-in displayed storage.
> Whenever you remove one of the excess certificate/key
> pairs, be certain that you first export them to file so that
> you have a route back by importing if needed.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "TJE" <TJE@cadwalk removeme.com> wrote in message
> news:9Sqrb.4955$(E-Mail Removed)...
> > Hello Roger!
> >
> > Thanks for your answer!
> >
> > Yes, same account, password and machine... I have quite a few different
> EFS
> > cert/keys in the certificates snapin, so I don't know which one it is, but
> > it must be there somewhere, as AEFSDR and EFS Key reports. What is the
> admin
> > tool for the account?
> >
> > What do you mean by 'with the interface that all accounts have rather than
> > the reset interface that only admin accounts have.' ?? I haven't changed
> the
> > interface, and I didn't use the administrator account to encrypt the
> > folders, just my usual account.
> >
> > I did mess around with some StyleXp program, and it has left some sort of
> > certificate, but surely that has nothing to do with EFS?
> >
> > Thanks again,
> >
> > /Thomas
> >
> >
> > "Roger Abell" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Same account, same machine, EFS encrypted files
> > > always only on that machine.
> > > EFS cert/key still shows in Certificates admin tool
> > > for the account.
> > > Right?
> > > Account still has same password as before ?
> > > If not, try changing it back, and next time change it
> > > with the interface that all accounts have rather than
> > > the reset interface that only admin accounts have.
> > > If that is not it, post back
> > >
> > > --
> > > Roger Abell
> > > Microsoft MVP (Windows Server System: Security)
> > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > "TJE" <TJE@cadwalk removeme.com> wrote in message
> > > news:F_3rb.4476$(E-Mail Removed)...
> > > > Hello!
> > > >
> > > > Yep, ok, another EFS ****-up!
> > > >
> > > > I have recently encrypted a folder on my harddrive, and of course, I
> forgot
> > > > to export the certificate/key. I running XP sp1, and nothing has
> changed
> > > > since I encrypted the files, login/user is still the same, only a few
> > > > windows updates...
> > > >
> > > > Something obviously went wrong, since I cannot read the files now.
> > > >
> > > > I messed around with the certificates snap-in, and probably made a
> mess,
> but
> > > > I've tried AEFSDR and EFS Key, and they both tell me that the files
> are
> > > > decryptable, but since they're only demos, they'll only show the first
> few
> > > > bytes of the files...
> > > >
> > > > What can I do to use this information, and gain access to the files
> again?
> > > >
> > > > Thank a lot!!!
> > > >
> > > >
> > >
> > >
> >
> >