Encryption Confusion - Accessed denied - Yes, I Googled HELP PLEASE

[Summer]

Hi people, Boy did I do the wrong thing...XP Pro SR2:

I got curious about file/folder encryption so I did a little reading at
http://support.microsoft.com/kb/223316/en-us before attempting it.

Started to encrypt My Documents folder per the above kb article and then
canceled (turned chicken-I kept remembering the posts from unfortunate souls
who tried encryption and realized I needed to learn more before proceeding).
Noticed that some of the file/folder names were now "green" in color.
Assuming they were encrypted, I did the steps for decrypting the My
Documents folder. The folders' names now appeared in "black" text. I assumed
ALL (including files in the folders) had been decrypted.

Exported the cert with its private key to a CD, JUST IN CASE, and "removed"
the cert from the Personal window in Internet Explorer (because I read this
protects the encrypted files from physical theft of the computer).

Got brave (I mean stupid) again and tried encrypting the My Docs folder, but
again canceled.

THEN, I noticed that certain FILES were still encrypted so I attempted to
decrypt them by importing the cert from the CD. My file decryption attempts
on the individual files failed. I tried decrypting them from the folder
level but this had no effect. I see there are now TWO nearly identical certs
in the Personal window (each has a different serial number). Apparently, my
second attempt at encryption created another certificate(?). And how did the
original cert get listed again even though I "removed" it? :-/

I "viewed" the original cert for clues to what I was doing wrong and read:
"This CA Root Certificate is not trusted, etc." So, thinking I needed to put
it in the trusted cert area, I imported it there, too. Still could not
decrypt the files and now have two certs in the Personal and one in the
Trusted area.

Followed the instructions here http://www3.telus.net/dandemar/encrypt.htm to
take ownership. Turned off file sharing so I could see the security tab,
etc. Several attempts. I am still unable to decrypt the files. And not only
are there 3 certs, but now I have three names in the name list? Because
there are so many certs and names everywhere, I am thoroughly confused.
(aargh!)

Tried going back-in-time (I love this) to a restoration point, but that
didn't work, (of course). Undid the restoration and am back where I was (in
the present).

Have spent hours on this. Just want to get my system back to where it was
before I added all this stuff to it. Can someone *please* tell me how to
clean up this mess? If you need more detailed info, please let me know.
Thanks for reading this!

 

[kurttrail]

Hi people, Boy did I do the wrong thing...XP Pro SR2:

I got curious about file/folder encryption so I did a little reading
at http://support.microsoft.com/kb/223316/en-us before attempting it.

Started to encrypt My Documents folder per the above kb article and
then canceled (turned chicken-I kept remembering the posts from
unfortunate souls who tried encryption and realized I needed to learn
more before proceeding). Noticed that some of the file/folder names
were now "green" in color. Assuming they were encrypted, I did the
steps for decrypting the My Documents folder. The folders' names now
appeared in "black" text. I assumed ALL (including files in the
folders) had been decrypted.

Exported the cert with its private key to a CD, JUST IN CASE, and
"removed" the cert from the Personal window in Internet Explorer
(because I read this protects the encrypted files from physical theft
of the computer).

Got brave (I mean stupid) again and tried encrypting the My Docs
folder, but again canceled.

THEN, I noticed that certain FILES were still encrypted so I
attempted to decrypt them by importing the cert from the CD. My file
decryption attempts on the individual files failed. I tried
decrypting them from the folder level but this had no effect. I see
there are now TWO nearly identical certs in the Personal window (each
has a different serial number). Apparently, my second attempt at
encryption created another certificate(?). And how did the original
cert get listed again even though I "removed" it? :-/

I "viewed" the original cert for clues to what I was doing wrong and
read: "This CA Root Certificate is not trusted, etc." So, thinking I
needed to put it in the trusted cert area, I imported it there, too.
Still could not decrypt the files and now have two certs in the
Personal and one in the Trusted area.

Followed the instructions here
http://www3.telus.net/dandemar/encrypt.htm to take ownership. Turned
off file sharing so I could see the security tab, etc. Several
attempts. I am still unable to decrypt the files. And not only are
there 3 certs, but now I have three names in the name list? Because
there are so many certs and names everywhere, I am thoroughly
confused. (aargh!)

Tried going back-in-time (I love this) to a restoration point, but
that didn't work, (of course). Undid the restoration and am back
where I was (in the present).

Have spent hours on this. Just want to get my system back to where it
was before I added all this stuff to it. Can someone *please* tell me
how to clean up this mess? If you need more detailed info, please let
me know. Thanks for reading this!

LOL! Recover your files from your last back up.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[Summer]

To clarify for everyone:

I have recent unencrypted backups of all my data if I need to use them. What
I want to do is clean up this mess: First, decrypt the files if possible,
delete/overwrite(?) them if necessary. Second, remove/delete the certs I
created. Third, remove/delete the unnecessary names from the name list.
Step-by-step instructions for these three procedures would be great! In the
meantime, I'll do some more searching on Google.

*Helpful replies most welcome.
--
Summer (no valid email)
Thought ~
If you stop to kick at every dog that barks at you, you'll never get very
far.

<original post snipped>

 

[Kerry Brown]

To clarify for everyone:

I have recent unencrypted backups of all my data if I need to use them.
What
I want to do is clean up this mess: First, decrypt the files if possible,
delete/overwrite(?) them if necessary. Second, remove/delete the certs I
created. Third, remove/delete the unnecessary names from the name list.
Step-by-step instructions for these three procedures would be great! In
the
meantime, I'll do some more searching on Google.

*Helpful replies most welcome.

You have answered one of your own questions. Delete the files and restore
them from your backup. Then delete the certificates. Make sure you have
turned of encryption for the folders involved before doing any of this.

Kerry

 

[Summer]

| | > To clarify for everyone:
| >
| > I have recent unencrypted backups of all my data if I need to use them.
| > What
| > I want to do is clean up this mess: First, decrypt the files if
possible,
| > delete/overwrite(?) them if necessary. Second, remove/delete the certs I
| > created. Third, remove/delete the unnecessary names from the name list.
| > Step-by-step instructions for these three procedures would be great! In
| > the
| > meantime, I'll do some more searching on Google.
| >
| > *Helpful replies most welcome.
|
| You have answered one of your own questions. Delete the files and restore
| them from your backup. Then delete the certificates. Make sure you have
| turned of encryption for the folders involved before doing any of this.
|
| Kerry

Thank you for that. I wasn't sure that just 'deleting' the files would be
the correct way to fix this. What do you mean by 'turned of[f] encryption
for the folders involved'?

I see that all folders directly below My Documents are decrypted. However,
some *files* within some subfolders are encrypted (the subfolders are
decrypted). I simply delete all these files and replace with my backup
copies? It's that simple?

Thanks.

 

[Kerry Brown]

| | > To clarify for everyone:
| >
| > I have recent unencrypted backups of all my data if I need to use
them.
| > What
| > I want to do is clean up this mess: First, decrypt the files if
possible,
| > delete/overwrite(?) them if necessary. Second, remove/delete the certs
I
| > created. Third, remove/delete the unnecessary names from the name
list.
| > Step-by-step instructions for these three procedures would be great!
In
| > the
| > meantime, I'll do some more searching on Google.
| >
| > *Helpful replies most welcome.
|
| You have answered one of your own questions. Delete the files and
restore
| them from your backup. Then delete the certificates. Make sure you have
| turned of encryption for the folders involved before doing any of this.
|
| Kerry

Thank you for that. I wasn't sure that just 'deleting' the files would be
the correct way to fix this. What do you mean by 'turned of[f] encryption
for the folders involved'?

I see that all folders directly below My Documents are decrypted. However,
some *files* within some subfolders are encrypted (the subfolders are
decrypted). I simply delete all these files and replace with my backup
copies? It's that simple?

Open Windows Explorer. Right click on My Documents. Left click on
Properties. Left click on the General tab. Left click on Advanced. Make sure
there is no tick beside Encrypt contents to secure data.

Kerry

 

[Summer]

| | > | > | | > | > To clarify for everyone:
| > | >
| > | > I have recent unencrypted backups of all my data if I need to use
| > them.
| > | > What
| > | > I want to do is clean up this mess: First, decrypt the files if
| > possible,
| > | > delete/overwrite(?) them if necessary. Second, remove/delete the
certs
| > I
| > | > created. Third, remove/delete the unnecessary names from the name
| > list.
| > | > Step-by-step instructions for these three procedures would be great!
| > In
| > | > the
| > | > meantime, I'll do some more searching on Google.
| > | >
| > | > *Helpful replies most welcome.
| > |
| > | You have answered one of your own questions. Delete the files and
| > restore
| > | them from your backup. Then delete the certificates. Make sure you
have
| > | turned of encryption for the folders involved before doing any of
this.
| > |
| > | Kerry
| >
| > Thank you for that. I wasn't sure that just 'deleting' the files would
be
| > the correct way to fix this. What do you mean by 'turned of[f]
encryption
| > for the folders involved'?
| >
| > I see that all folders directly below My Documents are decrypted.
However,
| > some *files* within some subfolders are encrypted (the subfolders are
| > decrypted). I simply delete all these files and replace with my backup
| > copies? It's that simple?
| >
|
| Open Windows Explorer. Right click on My Documents. Left click on
| Properties. Left click on the General tab. Left click on Advanced. Make
sure
| there is no tick beside Encrypt contents to secure data.
|
| Kerry


Thank you so much. That's what I thought you meant but wanted to be sure
there wasn't some other area where one could turn off encryption as well.

After this fiasco, I won't be playing around with encryption any time soon.
Thanks again!

 

[Kerry Brown]

| | > | > | | > | > To clarify for everyone:
| > | >
| > | > I have recent unencrypted backups of all my data if I need to use
| > them.
| > | > What
| > | > I want to do is clean up this mess: First, decrypt the files if
| > possible,
| > | > delete/overwrite(?) them if necessary. Second, remove/delete the
certs
| > I
| > | > created. Third, remove/delete the unnecessary names from the name
| > list.
| > | > Step-by-step instructions for these three procedures would be
great!
| > In
| > | > the
| > | > meantime, I'll do some more searching on Google.
| > | >
| > | > *Helpful replies most welcome.
| > |
| > | You have answered one of your own questions. Delete the files and
| > restore
| > | them from your backup. Then delete the certificates. Make sure you
have
| > | turned of encryption for the folders involved before doing any of
this.
| > |
| > | Kerry
| >
| > Thank you for that. I wasn't sure that just 'deleting' the files would
be
| > the correct way to fix this. What do you mean by 'turned of[f]
encryption
| > for the folders involved'?
| >
| > I see that all folders directly below My Documents are decrypted.
However,
| > some *files* within some subfolders are encrypted (the subfolders are
| > decrypted). I simply delete all these files and replace with my backup
| > copies? It's that simple?
| >
|
| Open Windows Explorer. Right click on My Documents. Left click on
| Properties. Left click on the General tab. Left click on Advanced. Make
sure
| there is no tick beside Encrypt contents to secure data.
|
| Kerry


Thank you so much. That's what I thought you meant but wanted to be sure
there wasn't some other area where one could turn off encryption as well.

After this fiasco, I won't be playing around with encryption any time
soon.
Thanks again!

Your welcome. I don't want to discourage anyone from using EFS. If you need
encryption it works as good as anything I've tried. All encryption software
has a gotcha somewhere. It's the nature of trying to protect data. The
harder you make it to get at the more likely something will go wrong and you
will lose the data. You did the smart thing and had a backup available. Most
people don't.

Kerry

 

[Summer]

| | > | > | | > | > | > | > | | > | > | > To clarify for everyone:
| > | > | >
| > | > | > I have recent unencrypted backups of all my data if I need to
use
| > | > them.
| > | > | > What
| > | > | > I want to do is clean up this mess: First, decrypt the files if
| > | > possible,
| > | > | > delete/overwrite(?) them if necessary. Second, remove/delete the
| > certs
| > | > I
| > | > | > created. Third, remove/delete the unnecessary names from the
name
| > | > list.
| > | > | > Step-by-step instructions for these three procedures would be
| > great!
| > | > In
| > | > | > the
| > | > | > meantime, I'll do some more searching on Google.
| > | > | >
| > | > | > *Helpful replies most welcome.
| > | > |
| > | > | You have answered one of your own questions. Delete the files and
| > | > restore
| > | > | them from your backup. Then delete the certificates. Make sure you
| > have
| > | > | turned of encryption for the folders involved before doing any of
| > this.
| > | > |
| > | > | Kerry
| > | >
| > | > Thank you for that. I wasn't sure that just 'deleting' the files
would
| > be
| > | > the correct way to fix this. What do you mean by 'turned of[f]
| > encryption
| > | > for the folders involved'?
| > | >
| > | > I see that all folders directly below My Documents are decrypted.
| > However,
| > | > some *files* within some subfolders are encrypted (the subfolders
are
| > | > decrypted). I simply delete all these files and replace with my
backup
| > | > copies? It's that simple?
| > | >
| > |
| > | Open Windows Explorer. Right click on My Documents. Left click on
| > | Properties. Left click on the General tab. Left click on Advanced.
Make
| > sure
| > | there is no tick beside Encrypt contents to secure data.
| > |
| > | Kerry
| >
| >
| > Thank you so much. That's what I thought you meant but wanted to be sure
| > there wasn't some other area where one could turn off encryption as
well.
| >
| > After this fiasco, I won't be playing around with encryption any time
| > soon.
| > Thanks again!
|
| Your welcome. I don't want to discourage anyone from using EFS. If you
need
| encryption it works as good as anything I've tried. All encryption
software
| has a gotcha somewhere. It's the nature of trying to protect data. The
| harder you make it to get at the more likely something will go wrong and
you
| will lose the data. You did the smart thing and had a backup available.
Most
| people don't.
|
| Kerry

You haven't discouraged me. I discouraged me. I hate it when I try to do
things with my computer before I'm really ready. This is a case where I can
justify to my husband the reason for having redundant backups...
Sometime in the future after I have read *a lot* more about EFS I'll try
again.

I'm having the CPU serviced before the warranty expires and was trying to
find a way to make My Docs "private". I wonder if I can just *remove* the
whole
folder to an external backup drive? Currently it's about 1GB in
size. Something else to research.

You helped not hindered!

 

[Kerry Brown]

You haven't discouraged me. I discouraged me. I hate it when I try to do
things with my computer before I'm really ready. This is a case where I
can
justify to my husband the reason for having redundant backups...
Sometime in the future after I have read *a lot* more about EFS I'll try
again.

I'm having the CPU serviced before the warranty expires and was trying to
find a way to make My Docs "private". I wonder if I can just *remove* the
whole
folder to an external backup drive? Currently it's about 1GB in
size. Something else to research.

You helped not hindered!

I work on a lot of computers. I don't have time to look at what is on them.
I suspect most techs are the same. If you are worried make sure you have a
couple of good verified backups and erase anything private and confidential.
Don't delete the My Documents folder, just the files in it. It has special
properties in Windows that are hard to re-create. If you are really
concerned there are programs that will overwite the file so it can't be
recovered without very special equipment.

Kerry

 

[Summer]

| | >
| > You haven't discouraged me. I discouraged me. I hate it when I try to do
| > things with my computer before I'm really ready. This is a case where I
| > can
| > justify to my husband the reason for having redundant backups...
| > Sometime in the future after I have read *a lot* more about EFS I'll try
| > again.
| >
| > I'm having the CPU serviced before the warranty expires and was trying
to
| > find a way to make My Docs "private". I wonder if I can just *remove*
the
| > whole
| > folder to an external backup drive? Currently it's about 1GB in
| > size. Something else to research.
| >
| > You helped not hindered!
|
| I work on a lot of computers. I don't have time to look at what is on
them.
| I suspect most techs are the same. If you are worried make sure you have a
| couple of good verified backups and erase anything private and
confidential.
| Don't delete the My Documents folder, just the files in it. It has special
| properties in Windows that are hard to re-create. If you are really
| concerned there are programs that will overwite the file so it can't be
| recovered without very special equipment.
|
| Kerry

Thanks for letting me know not to delete the My Docs folder, Kerry. Your
suggestion to do a couple verified backups of the files and then delete them
will work for me. I merely have business contact information that I want to
keep from the public eye. See ya around...

 

[Summer]

| |
|| I work on a lot of computers. I don't have time to look at what is on
| them.
|| I suspect most techs are the same. If you are worried make sure you have
a
|| couple of good verified backups and erase anything private and
| confidential.
|| Don't delete the My Documents folder, just the files in it. It has
special
|| properties in Windows that are hard to re-create. If you are really
|| concerned there are programs that will overwite the file so it can't be
|| recovered without very special equipment.
||
|| Kerry
|
| Thanks for letting me know not to delete the My Docs folder, Kerry. Your
| suggestion to do a couple verified backups of the files and then delete
them
| will work for me. I merely have business contact information that I want
to
| keep from the public eye. See ya around...
| --
| Summer

Kerry,

Me again. I can't believe how simple the answer was!

Patience is a virtue. I had 3 files that did not have a backup. After
deleting all the certificates and the encrypted files that had backups and
restoring the backups per your instructions, I decided to try *one more
time* to decrypt these 3 files. I imported the certificate with its private
key and gave the certificate *Full Control* (which somehow I neglected to do
when I created it). Now all is well and I am able to encrypt/decrypt files.
No more confusion.

The only problem I keep encountering is that the private-key password is not
accepted if typed directly into the password window, no matter how many
times I *carefully* type it in. It only seems to work if typed into a text
file and copied to the window. :-/ Strange. But this is a minor
inconvenience.

 

[Kerry Brown]

| |
|| I work on a lot of computers. I don't have time to look at what is on
| them.
|| I suspect most techs are the same. If you are worried make sure you
have
a
|| couple of good verified backups and erase anything private and
| confidential.
|| Don't delete the My Documents folder, just the files in it. It has
special
|| properties in Windows that are hard to re-create. If you are really
|| concerned there are programs that will overwite the file so it can't be
|| recovered without very special equipment.
||
|| Kerry
|
| Thanks for letting me know not to delete the My Docs folder, Kerry. Your
| suggestion to do a couple verified backups of the files and then delete
them
| will work for me. I merely have business contact information that I want
to
| keep from the public eye. See ya around...
| --
| Summer

Kerry,

Me again. I can't believe how simple the answer was!

Patience is a virtue. I had 3 files that did not have a backup. After
deleting all the certificates and the encrypted files that had backups and
restoring the backups per your instructions, I decided to try *one more
time* to decrypt these 3 files. I imported the certificate with its
private
key and gave the certificate *Full Control* (which somehow I neglected to
do
when I created it). Now all is well and I am able to encrypt/decrypt
files.
No more confusion.

The only problem I keep encountering is that the private-key password is
not
accepted if typed directly into the password window, no matter how many
times I *carefully* type it in. It only seems to work if typed into a text
file and copied to the window. :-/ Strange. But this is a minor
inconvenience.

Glad you got it going.

Kerry

 

[Summer]

This is for anyone new to encryption who may find this thread in the future.

I'm glad to have found in WinXP's Help & Support, after a search for Best
practices: File encryption, this information:
---------------------------------------------------
Ensure files intended for encryption are created and remain encrypted
a.. Encrypt folders before creating sensitive files in them for maximum
security. Doing this causes the files to be created as encrypted and their
data is never written to the disk as plaintext.
....Encrypt files while System Restore is disabled

Disable System Restore before encrypting files that are monitored by System
Restore. Once the files have been encrypted, enable System Restore. This
ensures the encrypted files cannot be restored to an unencrypted state.

If you are encrypting file types that are monitored by System Restore, put
the files on a volume that is not monitored by System Restore. For more
information, see System Restore overview.