Encrypted vs file permissions etc.

[MICROSOFT]

Hi,

Problem: Cannot unzip or open ANY encrypted files stored on my external
USB-2 160 Gig hard drive, an ACOM.

XP Pro, SP2/hot fixed, 512 ram, two 80 Gig drvs, non-RAID etc., ext USB 160
Gig drive
XP just reinstalled - deleted partition, format, etc. etc..
Have Norton av & firewall working, no spyware yet, popup blocking on.

Problem:
External USB drive:
Inadvertantly clicked Encrypt, and thus encrypted the contents. Forgot
that happened UNTIL I needed the backups on it. Long story short, I managed
to trash the C drive drastically and after two days, figured reinstalling
would be faster since I have good backups of everything. That external
drive has ALL my most recent archives; full backup and one incremental.
Archives were created with WinZip, for easy manipulation, restoration of
files, easy compares, etc. for future work. Turns out there ain't much
future in it after all <g>!!! Anyway,

AFTER the XP re-install, I got file or security permission errors when I
tried to unzip any of the files. I ass-u-me since XP wasa reinstalled, it
thinks I'm not the owner? Anyway, working on that premise, I have succeeded
in:
-- Taking ownership of the Folders. Folders no longer indicate encrypted
(green color default font).
But, I cannot figure out any way to take ownership (if that's the problem)
of the files.

I can:
-- Copy, delete, change r, a, h, s attributes and Restore from the Recycle
Bin for the files on that drive.
-- I can NOT copy them to any DIFFERENT drives. Nothing which involves
opening of the files can succeed. When I click Properties for any of the
encrypted files, then Advanced, and clear the check mark on Encrypt Files,
Apply, I get the error message in a dialog box:
-----------------
An error occurred applying attributes to the file
Path\fname
Access is Denied.
-------------------
Options are to Ignore, Ignore All, Retry, or quit. Retry fails of course.
Ignore simply finished the windows up and closes them. Next time the window
is opened, the check mark for Encrypt Files is still there.

I had a couple of MVP articles saved on another archive CD on how to retake
ownership and set permissions on files, so I tried those, but I'm too
ignorant of the processes to be sure of what I've done/am doing. That
article allowed me to take over the folers and get rid of the R attribute,
but not to get rid of the Encrypted attribute.
Not sure whether it was XP or WinZip that did the original encryption,
though. WinZip gets essentially the same error message only shorter; I'm
not allowed to access that file. Can get the exact wording if needed.

Just for grins, I took the drive to my XP laptop and checked it there: Same
results. No access allowed.

I've tried working from the DOS prompt, Safe Mode, and taking over the files
every way I can think of, but like I said, I'm pretty ignorant around these
things.
My own Admin account, AND the system undeleteable Admin accout, both have
Full Control now; I"ve gone thru the processes and Help files several times.
The only permission I dont' have, and can't figure out how to get, OR
what it is, is "Special Permissions". I haven't looked for its meaning yet,
but I could find nothing in the groups, user, admin, etc., policies or
anywhere to set it for myself. It's not set for any account that I can see,
and I've looked at all of them.

-- What are the Special Permission?
-- How can I get access to those files at least temoprarily so that I can
unzip them or copy them to the internal hard drives where I can unsip them.?

Any assistance or useful comments would be most appreciated. I'm out of
options and starting to grab at straws at this point.

If the suggestion were to reinstall XP again that wouldn't be bad either;
the system drive is pretty well virgin anyway, so no big deal.

Thanks in Advance for your assistance and advice,

Pop

 

[MICROSOFT]

Sorry for the erroneous nick in my previous post; OE does silly things with
that field for some reason.

Pop

 

[MICROSOFT]

ALL drives are NTFS. None are fat.

Pop

 

[Admiral Q]

Do you have a "backup" of the original profile (Documents &
Settings\<profile> that encrypted the files or if you designated a "recovery
agent" a backup of its profile? If you have either, the profile can be
restored to a folder on the hard drive, and referencing the MSKB article
(you'll have to search for it - I don't remember right off hand), it tells
you have to extract and import the "encryption/decryption" CERTs into your
new/current profile - end result, you can decrypt the files.
If you don't, I'm sorry to say, they are as good as gone, as if you went to
the drive and typed in "format", or "del /s *.*" or "rmdir /s".


--
Star Fleet Admiral Q @ your service!
"Google is your Friend!"
www.google.com

***********************************************

 

[DJ Borell]

Your files were encrypted with EFS. There are only two ways to recover the
files:

1) Use an EFS Recovery agent. This is the person, the administrator on a
computer not part of a domain, that can decrypt files (other than their
own.) Unless you're system was part of a domain, this is not an option for
you as your system now has a new certificate and a new EFS Recovery Agent -
that being, the new admin account. The new certificate is not compatible
with your old certificate and, thus, cannot be used to decrypt your files.

2) Attempt to find "hacking" software that will decrypt EFS encrypted files.
Pretty unlikely. I know of no programs that can do this, and, to be honest,
if I did, I probably wouldn't tell you about them (sorry.)

Having said that, you probably get the idea that your files are pretty well
unrecoverable. A last option would be to take your drive to a data recovery
service. EFS is crackable, but you will definitely pay for it.

The best advice I can give you at this point is planning. If you're going
to use EFS, ALWAYS maintain a backup copy of your certificate separate from
your HD. On a floppy (stored securely under lock and key) is a good place.

 

[Pop]

Problem solved: Reformatted, reinstalled. (sob!) REbuilding.

Moral: BUSS!

 

[Pop]

Same crossposting as before:

OK, I know, I said I was done posting to this thread: Apparently I lied
{;-[-

Butttttt, welllllll, I've come upon an XP way to "recover" the encrypted
files after all! So far it's worked on a small, < 1 Meg folder, and one
larger, 1.8 Gig folder. Therefore, I'm ass-u-meing it'll work on the rest.
One folder, for instance, I managed to recover all but a small number of
files, mostly GIFs for some reason, out of 8,992 files in 255 folders which
were/are expendable files since they're backups of install CDs.
Of course, I'd like to recover them ALL, but I'll take what I can get!
Yes, my machine's been rebuilt as of an hour or so ago, and I've NO idea
whether that's part of the "trick" or not. I was just about to start in
tweaking when just for grins, I gave the recovery one more shot; and it's
working.

At any rate, before I published something like this in public, I thought I'd
ask the MVPs here whether they think I should. Or should I just send such
information to Microsoft? If so, where at MS should I address it? I
suspect I'm exploiting something that's not meant to be done.
I -want- to publish it here because I'd like some help in getting the
small percentage of still encrypted files back. It's hard to explain what
I'm doing, but I could write a step by step if I tried, AFTER I've recoverd
the data! Right now, I won't even restart this machine until I've copied
everything off that I can get! I'm not a -complete- fool.

I will ONLY trust responses for this particular post from MVPs, and be aware
it's easy to verify whether you are an MVP or not. I have some experience
with mvp.org.

Thanks in advance. Now I'll go see how many more thousand files I can get
back!

Pop