Decryption not working...have certificate

Scott · Oct 30, 2003

Hi,

I have a couple XP SP1 laptops that are used for travel. I
encrypted the entire user's profile so anything they saved
to their My Documents folder or Desktop would
automatically become encrypted. After they returned from
their trip and logged back onto our network their desktop
links and all documents that were encrypted will not
decrypt or open. I cannot change the encryption attribute
even though the original EFS certificate still exists.
While on travel the users were logging on with cached
network credentials. Any ideas?
Thanks.

Roger Abell · Oct 31, 2003

Scott said:
Hi,

I have a couple XP SP1 laptops that are used for travel. I
encrypted the entire user's profile so anything they saved
to their My Documents folder or Desktop would
automatically become encrypted. After they returned from
their trip and logged back onto our network their desktop
links and all documents that were encrypted will not
decrypt or open. I cannot change the encryption attribute
even though the original EFS certificate still exists.
While on travel the users were logging on with cached
network credentials. Any ideas?
Thanks.

Was their password changed ?
You should be able to import the cert/key into a
new account and have access to the files. Does
this actually work ?

Guest · Oct 31, 2003

-----Original Message-----

Was their password changed ?
You should be able to import the cert/key into a
new account and have access to the files. Does
this actually work ?

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA

.

Passwords were not changed. I am able to decrypt other
user files and even folders of the users in question. But
nothing with the files.

Roger Abell [MVP] · Nov 1, 2003

Did they ever use the domain account for encryption while they
were in contact with the domain and before they used encryption
in a disconnected state ?
Is this an uplevel domain ? If it is NT 4 you should review
http://support.microsoft.com/?id=331333

Roger Abell [MVP] · Nov 1, 2003

Scott,

As they can access some but not all of their EFS files,
you should examine the thumbprints on the files using
the efsinfo.exe tool that installs as part of the support tools.
You may find that the accounts encrypted files for the first
time on the machine when it was disconnected from the
network, and so the on-demand EFS certificate that was
created was stored into the cached profile.

New EFS tool available - EFS Certificate Configuration Updater	14	Aug 17, 2007
Questions & Results on a Trivial EFS Experiment	6	Aug 6, 2007
Decrypting files	6	Jan 20, 2005
Win XP Pro-EFS Decryption after OS reinstalled-HELP PLEASE!!!	1	Apr 4, 2006
Regain access to EFS encrypted files	11	May 5, 2006
Using EFS for laptops in a domain	6	Sep 1, 2006
End User Profile corruption on Vista Enterprise in AD	2	Jan 9, 2010
Difficulty restoring PFX certificate	0	Aug 24, 2007

Decryption not working...have certificate

Scott

Roger Abell

Guest

Roger Abell [MVP]

Roger Abell [MVP]

Ask a Question

Similar Threads