Cant decrypt w/admin acct

[Dwayne]

Hello,

Have no idea what happend. I have about 60 MSWord
documents that at some point in time I applied the encrypt
attribute to. Well I went to open one and it wont let me.
I get the error that "User does not have access
privledges." I did check to see I had access to it, and I
show full priciledges. Heck I was the creator. Now I only
have this account and the default admin account on this
computer (Windows 2000 Professional as a standalone). I
used this account to encypt them. I tried using the admin
account since I read that it is the defualt Recovery
Agent, but when I tried I get an error that simply
says "Access Denied". I checked the certificates and they
are valid and still in effect and the Recovery Agent Cert
was still listed in the Trusted Certs folder in MMC.

I also ran "efsinfo /r" on the folder and files and it
says:
Recovery Agents:
Unknown (OU= EFS File Encryption Certificate, L=EFS,
CN=Dwayne ******** (* =My last name)

I Ran it with the /c option and got the following:
Users Who Can Decrypt:
Unknown (OU= EFS File Encryption Certificate, L=EFS,
CN=Dwayne ******** (My last name)
Certificate Thumbprint: FCD9 44C3 2B33 7650 07FC F5F7 6042
221A 1294 28C6

OK does anyone know what the heck happened and how come I
cant decrypt these files now or even with the Admin
account??? I havent deleted any accounts or anything so
there shouldnt have been any keys deleted or whatever.
Trying to understand this the best that I can with what I
have read today about how this works. I was under the
impression I should be able to recover the files with the
Admin account since it is supposed to be a default
Recovery Agent. Well hope someone can help me out here.
Hopefully I provided enough info here on what I have done
so far. Thank you

Dwayne

 

[Joakim]

Look at this site
http://www.elcomsoft.com/aefsdr.html

 

[Steven L Umbach]

First off you need to rule out a permissions problem. I know you said you
have full access, but logon as the built in administrator account and make
sure you have explicit full controll to that folder as administrator and the
files themselves. If there is a file in that folder that you do not need,
try to deleted it as you can delete encrypted files with proper permissions
without being able to decrypt them which would indicate you have adequate
permissions. I think a user with full control should also be able to move
encrypted files on the same volume, but not copy them since copy requires
the file to be first decrypted.

Have you reset [versus changed] your passwords, deleted or copied over your
profiles, or reinstalled the operating system?? Those will cause problems
with EFS. If you reset your password, try changing it back to what it was at
the time you encrypted the files. Resetting the password is a definite issue
in XP, but I am not sure about W2K with current service packs. By default
the recovery agent on a non domain machine is only the built in
administrator account - not just any account in the local administrators
group.

Run mmc and select the certificate snapin for user and go to the
personal/certificates folder where you should see your EFS or recovery agent
certificate. On the general page look to see if it says you have the
corresponding private key for this certificate which is what is actually
used to decrypt the files. If the private key is available, go to the
details page to see the thumbprint and that it matches what efsinfo found
for your files. If all that checks out and you have not reset your password,
reinstalled the operating system, or deleted/copied over your profile, then
it may be possible that your EFS private keys have become corrupted
omehow. --- Steve

 

[Dwayne]

-----Original Message-----
First off you need to rule out a permissions problem. I know you said you
have full access, but logon as the built in administrator account and make
sure you have explicit full controll to that folder as administrator and the
files themselves. If there is a file in that folder that you do not need,
try to deleted it as you can delete encrypted files with proper permissions
without being able to decrypt them which would indicate you have adequate
permissions. I think a user with full control should also be able to move
encrypted files on the same volume, but not copy them since copy requires
the file to be first decrypted.

Have you reset [versus changed] your passwords, deleted or copied over your
profiles, or reinstalled the operating system?? Those will cause problems
with EFS. If you reset your password, try changing it back to what it was at
the time you encrypted the files. Resetting the password is a definite issue
in XP, but I am not sure about W2K with current service packs. By default
the recovery agent on a non domain machine is only the built in
administrator account - not just any account in the local administrators
group.

Run mmc and select the certificate snapin for user and go to the
personal/certificates folder where you should see your EFS or recovery agent
certificate. On the general page look to see if it says you have the
corresponding private key for this certificate which is what is actually
used to decrypt the files. If the private key is available, go to the
details page to see the thumbprint and that it matches what efsinfo found
for your files. If all that checks out and you have not reset your password,
reinstalled the operating system, or deleted/copied over your profile, then
it may be possible that your EFS private keys have become corrupted
omehow. --- Steve

Hello,

Have no idea what happend. I have about 60 MSWord
documents that at some point in time I applied the encrypt
attribute to. Well I went to open one and it wont let me.
I get the error that "User does not have access
privledges." I did check to see I had access to it, and I
show full priciledges. Heck I was the creator. Now I only
have this account and the default admin account on this
computer (Windows 2000 Professional as a standalone). I
used this account to encypt them. I tried using the admin
account since I read that it is the defualt Recovery
Agent, but when I tried I get an error that simply
says "Access Denied". I checked the certificates and they
are valid and still in effect and the Recovery Agent Cert
was still listed in the Trusted Certs folder in MMC.

I also ran "efsinfo /r" on the folder and files and it
says:
Recovery Agents:
Unknown (OU= EFS File Encryption Certificate, L=EFS,
CN=Dwayne ******** (* =My last name)

I Ran it with the /c option and got the following:
Users Who Can Decrypt:
Unknown (OU= EFS File Encryption Certificate, L=EFS,
CN=Dwayne ******** (My last name)
Certificate Thumbprint: FCD9 44C3 2B33 7650 07FC F5F7 6042
221A 1294 28C6

OK does anyone know what the heck happened and how come I
cant decrypt these files now or even with the Admin
account??? I havent deleted any accounts or anything so
there shouldnt have been any keys deleted or whatever.
Trying to understand this the best that I can with what I
have read today about how this works. I was under the
impression I should be able to recover the files with the
Admin account since it is supposed to be a default
Recovery Agent. Well hope someone can help me out here.
Hopefully I provided enough info here on what I have done
so far. Thank you

Dwayne

Thanks for the advice. I checked the folder like you said
and yes I can delete any of the files but I cannot copy
any of them outside of the folder. I also checked the
certificates under local certificates and there was only
one listed for my user name which was to allow encyption.
I clicked details and no it doesnt match the thumbnail
print from using efsinfo. But seeing as it was the only
one listed, shouldnt there be one listed for decrypting
also? I thought about the passwords, and since I am unsure
exacly when I encrypted them, I have only ever used one
password and no longer use it. I also tried that. Tried
reusing the same password but it didnt help anything. I
noticed one thing though.

On the certificates page and details section the only cert
I had for encrypting installes siad that it wasnt trusted
becuase it wasnt also located in the trusted folder. So I
copied it there and then it said it was trusted no back on
the main details page, but that didnt help either. Well I
dont know what else to do. LOL Guess I will have to retype
all those word documents over again.

I did go to the website of the previous poster to my
original thread and downaloaded the program. I put in my
user name and password I used to use and also the name
without the password and also the admin name and password,
then choose to find all encypted files. Well it did find
them all. But then colored them pink and said that they
couldnt be decrypted. LOL OK trying to find some humor.
Well I wish I knew the lesson here, but I am unsure what
went wrong since I have not changed anything on the sys
except not using a password on this user account and the
comp is in my home. I think basically I will never encypt
again, and succumb to the fact that I am going to have to
retype all 63 documents. :-(
Dwayne

 

[Steven L Umbach]

Response inline.

-----Original Message-----
First off you need to rule out a permissions problem. I know you said you
have full access, but logon as the built in administrator account and make
sure you have explicit full controll to that folder as administrator and the
files themselves. If there is a file in that folder that you do not need,
try to deleted it as you can delete encrypted files with proper permissions
without being able to decrypt them which would indicate you have adequate
permissions. I think a user with full control should also be able to move
encrypted files on the same volume, but not copy them since copy requires
the file to be first decrypted.

Have you reset [versus changed] your passwords, deleted or copied over your
profiles, or reinstalled the operating system?? Those will cause problems
with EFS. If you reset your password, try changing it back to what it was at
the time you encrypted the files. Resetting the password is a definite issue
in XP, but I am not sure about W2K with current service packs. By default
the recovery agent on a non domain machine is only the built in
administrator account - not just any account in the local administrators
group.

Run mmc and select the certificate snapin for user and go to the
personal/certificates folder where you should see your EFS or recovery agent
certificate. On the general page look to see if it says you have the
corresponding private key for this certificate which is what is actually
used to decrypt the files. If the private key is available, go to the
details page to see the thumbprint and that it matches what efsinfo found
for your files. If all that checks out and you have not reset your password,
reinstalled the operating system, or deleted/copied over your profile, then
it may be possible that your EFS private keys have become corrupted
omehow. --- Steve

Hello,

Have no idea what happend. I have about 60 MSWord
documents that at some point in time I applied the encrypt
attribute to. Well I went to open one and it wont let me.
I get the error that "User does not have access
privledges." I did check to see I had access to it, and I
show full priciledges. Heck I was the creator. Now I only
have this account and the default admin account on this
computer (Windows 2000 Professional as a standalone). I
used this account to encypt them. I tried using the admin
account since I read that it is the defualt Recovery
Agent, but when I tried I get an error that simply
says "Access Denied". I checked the certificates and they
are valid and still in effect and the Recovery Agent Cert
was still listed in the Trusted Certs folder in MMC.

I also ran "efsinfo /r" on the folder and files and it
says:
Recovery Agents:
Unknown (OU= EFS File Encryption Certificate, L=EFS,
CN=Dwayne ******** (* =My last name)

I Ran it with the /c option and got the following:
Users Who Can Decrypt:
Unknown (OU= EFS File Encryption Certificate, L=EFS,
CN=Dwayne ******** (My last name)
Certificate Thumbprint: FCD9 44C3 2B33 7650 07FC F5F7 6042
221A 1294 28C6

OK does anyone know what the heck happened and how come I
cant decrypt these files now or even with the Admin
account??? I havent deleted any accounts or anything so
there shouldnt have been any keys deleted or whatever.
Trying to understand this the best that I can with what I
have read today about how this works. I was under the
impression I should be able to recover the files with the
Admin account since it is supposed to be a default
Recovery Agent. Well hope someone can help me out here.
Hopefully I provided enough info here on what I have done
so far. Thank you

Dwayne

If you can delete the files then you seem to have proper permissions to the folder.
The certificate is a "key pair" in that the certificate is used to encrypt the files
and the associated private key is used to decrypt the files which is why it must also
be on the computer, so you are not missing anything but since the thumprints do not
match you are pretty much out of luck unfortuneately if the thumbprints for all the
files do not match your certificate. Be sure to try to use the built in administrator
account if you have not already as that account is the default recovery agent for a
W2K workgroup computer. Good luck. --- Steve


]>