I have found a bug in Vista . . . a rather costly bug for me. Hopefully MS
will fix or others will avoid.

Scenario:

1. I had EFS encrypted files on a XP Pro machine. I upgraded that machine
to vista using the method where Vista moves all XP files into the
windows.old directory.

2. After upgrading, I moved my encrypted files from the windows.old
directory to the users\user\documents directory.

3. I then restored my XP encryption key which I had backed up so I could
open these files.

4. These encrypted files now opened fine using the restored cert & key from
XP.

5. I then deleted the Vista certificate and key (not the restored cert &
key) because the cert & key Vista had created during install was not needed
since I was using the cert & key from my XP install.

6. For a few days, the files opened just fine.

7. Here's the bug . . . Having worked with these files one night just fine,
I shut down my computer. The next morning when I booted up, none of the
files would open. After extensive research using efsinfo.exe, I determined
that Vista had AUTOMATICALLY changed the thumbprint associated with the
files. The EFS thumbprint was no longer associated with the restored XP
cert & key, but it was now associated with the Vista cert & key that I had
deleted several days before.

So now, I have no way of opening these files because vista automatically
changed their EFS key association to a non-existant cert.

Brandon

Try doing a System Restore to the point just before you deleted the Vista
Certs.

I believe Vista Creates a system restore point every time you boot your
machine.

Hope this helps,

OKuma

"Brandon" <(E-Mail Removed)> wrote in message
news:3D9F06EC-4DBC-4D0F-962A-(E-Mail Removed)...
>I have found a bug in Vista . . . a rather costly bug for me. Hopefully MS
>will fix or others will avoid.
>
> Scenario:
>
> 1. I had EFS encrypted files on a XP Pro machine. I upgraded that machine
> to vista using the method where Vista moves all XP files into the
> windows.old directory.
>
> 2. After upgrading, I moved my encrypted files from the windows.old
> directory to the users\user\documents directory.
>
> 3. I then restored my XP encryption key which I had backed up so I could
> open these files.
>
> 4. These encrypted files now opened fine using the restored cert & key
> from XP.
>
> 5. I then deleted the Vista certificate and key (not the restored cert &
> key) because the cert & key Vista had created during install was not
> needed since I was using the cert & key from my XP install.
>
> 6. For a few days, the files opened just fine.
>
> 7. Here's the bug . . . Having worked with these files one night just
> fine, I shut down my computer. The next morning when I booted up, none of
> the files would open. After extensive research using efsinfo.exe, I
> determined that Vista had AUTOMATICALLY changed the thumbprint associated
> with the files. The EFS thumbprint was no longer associated with the
> restored XP cert & key, but it was now associated with the Vista cert &
> key that I had deleted several days before.
>
> So now, I have no way of opening these files because vista automatically
> changed their EFS key association to a non-existant cert.
>
> Brandon
>

"Brandon" <(E-Mail Removed)> wrote in message
news:3D9F06EC-4DBC-4D0F-962A-(E-Mail Removed)...
>I have found a bug in Vista . . .
>
Please do not mention Vista bugs here you will upset the MVPs!

Are you in a domain with a Recovery Agent? If you are, the RA can add you
back to the files as a valid user.

Vista bugs and Vista inconsistencies definitely exist, and we all say so. It
is just that they are not the ones caused by user error or lack of
familiarity with the O/S.


--


Regards,

Richard Urban MVP
Microsoft Windows Shell/User


"Grant" <(E-Mail Removed)> wrote in message
news:e8%(E-Mail Removed)...
>
> "Brandon" <(E-Mail Removed)> wrote in message
> news:3D9F06EC-4DBC-4D0F-962A-(E-Mail Removed)...
>>I have found a bug in Vista . . .
>>
> Please do not mention Vista bugs here you will upset the MVPs!
>

This bug was not a user error. The steps I followed should not have caused
a problem and did not cause a problem for several days . . . then, without
warning (or user changes), Slam!

Brandon

"Richard Urban" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Vista bugs and Vista inconsistencies definitely exist, and we all say so.
> It is just that they are not the ones caused by user error or lack of
> familiarity with the O/S.
>
>
> --
>
>
> Regards,
>
> Richard Urban MVP
> Microsoft Windows Shell/User
>
>
> "Grant" <(E-Mail Removed)> wrote in message
> news:e8%(E-Mail Removed)...
>>
>> "Brandon" <(E-Mail Removed)> wrote in message
>> news:3D9F06EC-4DBC-4D0F-962A-(E-Mail Removed)...
>>>I have found a bug in Vista . . .
>>>
>> Please do not mention Vista bugs here you will upset the MVPs!
>>
>

I wonder if that would fix it? Unfortunately, I don't have a restore point
for that time. Thanks.

Brandon

"OKuma" <(E-Mail Removed)> wrote in message
news:8714658F-812F-47B6-9135-(E-Mail Removed)...
> Try doing a System Restore to the point just before you deleted the Vista
> Certs.
>
> I believe Vista Creates a system restore point every time you boot your
> machine.
>
> Hope this helps,
>
> OKuma
>
> "Brandon" <(E-Mail Removed)> wrote in message
> news:3D9F06EC-4DBC-4D0F-962A-(E-Mail Removed)...
>>I have found a bug in Vista . . . a rather costly bug for me. Hopefully
>>MS will fix or others will avoid.
>>
>> Scenario:
>>
>> 1. I had EFS encrypted files on a XP Pro machine. I upgraded that
>> machine to vista using the method where Vista moves all XP files into the
>> windows.old directory.
>>
>> 2. After upgrading, I moved my encrypted files from the windows.old
>> directory to the users\user\documents directory.
>>
>> 3. I then restored my XP encryption key which I had backed up so I could
>> open these files.
>>
>> 4. These encrypted files now opened fine using the restored cert & key
>> from XP.
>>
>> 5. I then deleted the Vista certificate and key (not the restored cert &
>> key) because the cert & key Vista had created during install was not
>> needed since I was using the cert & key from my XP install.
>>
>> 6. For a few days, the files opened just fine.
>>
>> 7. Here's the bug . . . Having worked with these files one night just
>> fine, I shut down my computer. The next morning when I booted up, none
>> of the files would open. After extensive research using efsinfo.exe, I
>> determined that Vista had AUTOMATICALLY changed the thumbprint associated
>> with the files. The EFS thumbprint was no longer associated with the
>> restored XP cert & key, but it was now associated with the Vista cert &
>> key that I had deleted several days before.
>>
>> So now, I have no way of opening these files because vista automatically
>> changed their EFS key association to a non-existant cert.
>>
>> Brandon
>>
>

I am not saying that your problem is not real.

I certainly would have gone about what you tried to accomplish in a totally
different way. No matter what anyone may say, I would never, ever try to
carry over encryption from one operating system to another. After all, it's
"MY" data, and no one is going to look after it like I will.

I would have removed the encryption from the data before trying to upgrade
the computer. Then I would have encrypted the data a second time.

But that's just me!

--


Regards,

Richard Urban MVP
Microsoft Windows Shell/User


"Brandon" <(E-Mail Removed)> wrote in message
news:30192984-71C1-418E-A2C9-(E-Mail Removed)...
> This bug was not a user error. The steps I followed should not have
> caused a problem and did not cause a problem for several days . . . then,
> without warning (or user changes), Slam!
>
> Brandon
>
> "Richard Urban" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Vista bugs and Vista inconsistencies definitely exist, and we all say so.
>> It is just that they are not the ones caused by user error or lack of
>> familiarity with the O/S.
>>
>>
>> --
>>
>>
>> Regards,
>>
>> Richard Urban MVP
>> Microsoft Windows Shell/User
>>
>>
>> "Grant" <(E-Mail Removed)> wrote in message
>> news:e8%(E-Mail Removed)...
>>>
>>> "Brandon" <(E-Mail Removed)> wrote in message
>>> news:3D9F06EC-4DBC-4D0F-962A-(E-Mail Removed)...
>>>>I have found a bug in Vista . . .
>>>>
>>> Please do not mention Vista bugs here you will upset the MVPs!
>>>
>>
>

I agree with your strategy . . . looking back, this is what I would do in
the future. But there is no reason why the steps I followed shouldn't have
worked. The certificate is not OS dependent, so it shouldn't care if it's
on XP or Vista. And Vista shouldn't have changed the thumbprint on my files
automatically. Again, I could have followed a different route, but the
route I did follow should have worked.

Brandon

"Richard Urban" <(E-Mail Removed)> wrote in message
news:e$(E-Mail Removed)...
>I am not saying that your problem is not real.
>
> I certainly would have gone about what you tried to accomplish in a
> totally different way. No matter what anyone may say, I would never, ever
> try to carry over encryption from one operating system to another. After
> all, it's "MY" data, and no one is going to look after it like I will.
>
> I would have removed the encryption from the data before trying to upgrade
> the computer. Then I would have encrypted the data a second time.
>
> But that's just me!
>
> --
>
>
> Regards,
>
> Richard Urban MVP
> Microsoft Windows Shell/User
>
>
> "Brandon" <(E-Mail Removed)> wrote in message
> news:30192984-71C1-418E-A2C9-(E-Mail Removed)...
>> This bug was not a user error. The steps I followed should not have
>> caused a problem and did not cause a problem for several days . . . then,
>> without warning (or user changes), Slam!
>>
>> Brandon
>>
>> "Richard Urban" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Vista bugs and Vista inconsistencies definitely exist, and we all say
>>> so. It is just that they are not the ones caused by user error or lack
>>> of familiarity with the O/S.
>>>
>>>
>>> --
>>>
>>>
>>> Regards,
>>>
>>> Richard Urban MVP
>>> Microsoft Windows Shell/User
>>>
>>>
>>> "Grant" <(E-Mail Removed)> wrote in message
>>> news:e8%(E-Mail Removed)...
>>>>
>>>> "Brandon" <(E-Mail Removed)> wrote in message
>>>> news:3D9F06EC-4DBC-4D0F-962A-(E-Mail Removed)...
>>>>>I have found a bug in Vista . . .
>>>>>
>>>> Please do not mention Vista bugs here you will upset the MVPs!
>>>>
>>>
>>
>

> I would have removed the encryption from the data before trying to upgrade
> the computer. Then I would have encrypted the data a second time.

That sounds EXACTLY RIGHT to me.

DSH

"Richard Urban" <(E-Mail Removed)> wrote in message
news:e$(E-Mail Removed)...

>I am not saying that your problem is not real.
>
> I certainly would have gone about what you tried to accomplish in a
> totally different way. No matter what anyone may say, I would never, ever
> try to carry over encryption from one operating system to another. After
> all, it's "MY" data, and no one is going to look after it like I will.
>
> I would have removed the encryption from the data before trying to upgrade
> the computer. Then I would have encrypted the data a second time.
>
> But that's just me!
>
> Regards,
>
> Richard Urban MVP
> Microsoft Windows Shell/User