Another EFS riddle

  • Thread starter Thread starter TJE
  • Start date Start date
T

TJE

Hello!

Yep, ok, another EFS ****-up!

I have recently encrypted a folder on my harddrive, and of course, I forgot
to export the certificate/key. I running XP sp1, and nothing has changed
since I encrypted the files, login/user is still the same, only a few
windows updates...

Something obviously went wrong, since I cannot read the files now.

I messed around with the certificates snap-in, and probably made a mess, but
I've tried AEFSDR and EFS Key, and they both tell me that the files are
decryptable, but since they're only demos, they'll only show the first few
bytes of the files...

What can I do to use this information, and gain access to the files again?

Thank a lot!!!
 
Same account, same machine, EFS encrypted files
always only on that machine.
EFS cert/key still shows in Certificates admin tool
for the account.
Right?
Account still has same password as before ?
If not, try changing it back, and next time change it
with the interface that all accounts have rather than
the reset interface that only admin accounts have.
If that is not it, post back
 
Hello Roger!

Thanks for your answer!

Yes, same account, password and machine... I have quite a few different EFS
cert/keys in the certificates snapin, so I don't know which one it is, but
it must be there somewhere, as AEFSDR and EFS Key reports. What is the admin
tool for the account?

What do you mean by 'with the interface that all accounts have rather than
the reset interface that only admin accounts have.' ?? I haven't changed the
interface, and I didn't use the administrator account to encrypt the
folders, just my usual account.

I did mess around with some StyleXp program, and it has left some sort of
certificate, but surely that has nothing to do with EFS?

Thanks again,

/Thomas
 
But did you change the password ?

If you log in with a non-admin account and change the
account's password you need to provide the old and
new passwords. Doing this will not bread EFS access.
If you log in with an admin account you have two ways
to change the password - I think one is termed reset the
password and does not require the old password. An
admin account has this password reset available on all
accounts. If this interface is used to reset a password,
of the account itself or another, then the EFS access will
be disabled.
You should try using the efsinfo.exe utility from the
optional support tools install (on product CD in the
support\tools directory). This will allow you to see
the thumbprints of the different certificates and for the
files you cannot access, and from this you will be able
to determine which EFS cert/key should be in your
Certificates snap-in displayed storage.
Whenever you remove one of the excess certificate/key
pairs, be certain that you first export them to file so that
you have a route back by importing if needed.
 
I've been researching the same (or at least similar) issue with XP's
EFS on an NT4 domain. I found this SAIC page very enlightening:
https://ess.saic.com/xp-encryption.html. My remainng question is:
does Microsoft have a similar workaround 9either procedural or patch)
that I could use? Not anxious to just throw 3rd party patches to the
OS on left and right? Any thoughts or other insight?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

New EFS tool available - EFS Certificate Configuration Updater 14
Help with EFS 1
Size of EFS encrypted files 1
Changing computers with EFS documents 1
EFS Data Recovery 1
EFS Trouble - External Drive 2
Re: How to decrypt files without the EFS Certificate 4
recover EFS certificate/key without the wizard/cipher.exe 1

Back
Top