Why I can't access my own files?

T

Tony

Hi,

I met a very irratating problem: I transfer all my
files from my C drive to D drive under a win2000 system,
then I formatted the C drive and installed a XPpro
system. However, when I open the D drive, very
surprisingly, I can't open some files because of "Access
denied". I tried to take the ownership and gave all
permissions to them, but useless. Someone told me that is
caused by EFS. I can't restore the files forever! Most of
the files were once in my desktop under win2000 OS. One
thing I don't understand is why some files in this folder
readable while others not accessible?
My PC is in a domain, and I logged in my PC with the
same account all the time as an administrator.

Can anyone help me? Thanks!
 
R

Robert Michon

Ok. There are a couple of ways you may be able to get around this. But
lets explain a little first so you understand what is happening.

In the NTFS file system there is extra security and encryption information
saved with each file, this information determines who is allowed to access
the file. The OS generates a SID (Security IDentifier) for each user, that
SID is what is used to determine who can access and unencrypt a file, not
the name. So when you installed XP and are logging in as "administrator"
the OS "administrator" SID doesn't match the SID for "administrator"
associated with the file, and therefore you are being denied access to the
files.

First try to copy the files to a network share and have a Domain Admin take
ownership and try to open/unencrypt them.

Second (a little more involved), somehow get the files copied to a FAT32
formatted drive, copying them to that drive may strip the
encryption/security information and allow you access the files.

Good Luck!
 
S

Steven L Umbach

I know this has been an ongoing issue for Tony, but I never heard
confirmation that some files were encrypted. A user however can not copy an
encrypted file that he does not have the efs private key for. He might be
able to use backup and restore operation to move the file to a place where a
recovery agent may be able to decrypt it. Or if he can get the recovery
agent to log onto his computer and import his recovery agent key into that
computer, then the recovery agent may be able to decrypt those files. The
recovery agent for a domain by default is the original administrator account
on the first domain controller, but that may have been changed. The efsinfo
utility will display who can decrypt a file/folder. See KB links for more
info. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
http://support.microsoft.com/default.aspx?scid=kb;en-us;255742
http://support.microsoft.com/default.aspx?scid=kb;en-us;242296
http://support.microsoft.com/default.aspx?scid=kb;en-us;243026
 
R

Robert Michon

Thanks for the info. Apparently there is a little more to this when you add
encryption to the mix.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Why I can't access my own files? 3
Can't delete file 3
Data encryption in Windows Server 2003 6
Can't access memory stick 6
EFS-moved from domain to AD 4
Administrative Privileques Required - Why? 1
M.2 SSD Overheating 8
Why can't I open my "Excel" files immediately? 2

Top