G
Guest
I am unable to open or decrypt files that I previously encrypted. Can anyone
offer any insight?
offer any insight?
K
Kerry Brown
DeltaBankUser said:
You don't give us enough information. Has your password for your user
account been changed? Did you reinstall Windows? Have there been any changes
to your system?
Kerry
G
Guest
The password for the user account has been recently changed. Password
expires every 30 days and must be changed. If this is the cause, how can I
solve?
expires every 30 days and must be changed. If this is the cause, how can I
solve?
R
Rock
DeltaBankUser said:
Suggest you don't use XP's EFS. There are so many ways it can bite you,
and the protection is minimal.
K
Kerry Brown
DeltaBankUser said:
Try changing the password back. If you are in a domain you may have to get
an administrator to temporarily change the policy if you cannot change it
back. Do not allow the password to be changed other than by the user. Check
out the cipher command for updating the keys. Also check to see if there is
a default recovery agent set up. The following link is an overview of EFS.
It is a complicated service with many pitfalls to snag the unwary.
http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prnb_efs_qutx.asp
Kerry
G
Guest
How useless is this comment?
I have obviously already been bitten by XP's EFS and have no intention of
using again.
I have obviously already been bitten by XP's EFS and have no intention of
using again.
G
Guest
Great idea. Unfortunately, I do not remember my previous password. I do not
(as I should not) keep records of passwords.
Any other suggestions?
(as I should not) keep records of passwords.
Any other suggestions?
K
Kerry Brown
DeltaBankUser said:
There were a couple of suggestions in my last post. EFS is complicated.
Without knowing exactly what was done no one will be able to give you step
by step instructions. If your data is important, read through the link. See
if anything there applies to you. In particular look to see if there is a
default recovery agent in place. If you are in a domain talk to the domain
admins. If this doesn't help then you will have to take the PC to a local
expert to see if anything can be recovered. It is doubtful at this point.
Kerry
R
Rock
DeltaBankUser said:
Use it for what you want. I didn't know if your intention was to figure
out a way to continue using EFS or to abandon it. If the former then my
comment was to help you make the decision not to. You've decided the
later which is good.
Good luck to you.
N
NobodyMan
Welcome to the world of EFS. If this was your home computer, what
state level secrets were you protecting at home? Surely there was an
easier way to hide your porno collection?
N
NobodyMan
What local expert will be able to break the encryption...unless your
local expert is an NSA agent who can take the hard drive to work with
him/her? Even with that, decryption is not a given.
local expert is an NSA agent who can take the hard drive to work with
him/her? Even with that, decryption is not a given.
K
Kerry Brown
NobodyMan said:
Did I say anywhere a local expert would be able to break the encryption? It
is possible given the OP's answers that the certificate and key may be
recoverable. If the certificate is recoverable it is quite easy to decrypt
the files. EFS gets a bad rap on this news group. Many people have to use it
because of policies put in place by their employer or the government. It
would be nice if people were warned first but MS in their wisdom decided not
to warn people to back up the key before allowing encryption to happen. Just
because the key is lost doesn't mean it can't be found.
Kerry
N
NobodyMan
You said this:
"If this doesn't help then you will have to take the PC to a local
expert to see if anything can be recovered. It is doubtful at this
point."
That sentence STRONGLY implied that a local expert might be able to
break the encryption. You never specifed retrieving the encryption
certificates or keys.
K
Kerry Brown
NobodyMan said:
You may have read that into it but it was not implied. It's stupid arguing
over semantics. If you actually read my post I also said that it was
doubtful that anything could be recovered. From your posts it's obvious you
don't like Microsoft and particulary don't like the way they implemented
EFS. Don't let this stand in the way of helping someone who has a problem. I
don't really like the way EFS is implemented either but it exists, it works
if you do everything right. If you do something wrong you will lose your
data. This is true of most encryption, otherwise it would be too easy for
the wrong person to decrypt the file. The only thing really wrong with EFS
is the documentation and the fact that there are no warnings before it's
use.
Kerry
G
GreenieLeBrun
To quote from page 496 of "Microsoft Windows XP Inside out" by Ed Bott
& Carl Siechert 2001 Microsoft Press (Publisher) ISBN 0-7356-1382-6
" If you copy (an encrypted file) to a FAT volume (including floppy
disks) or to an NTFS volume on a computer that is running Windows NT,
the file becomes decrypted "
I haven't tried it because I do not use EFS but you may as well try it.
It may even work with a FAT32 formatted HDD.
& Carl Siechert 2001 Microsoft Press (Publisher) ISBN 0-7356-1382-6
" If you copy (an encrypted file) to a FAT volume (including floppy
disks) or to an NTFS volume on a computer that is running Windows NT,
the file becomes decrypted "
I haven't tried it because I do not use EFS but you may as well try it.
It may even work with a FAT32 formatted HDD.
K
Kerry Brown
GreenieLeBrun said:
This only works if you can decrypt the file in the first place. In this case
it wouldn't work.
Kerry
N
NobodyMan
It's not that I don't like, or dislike, MS or the policies. That is
irrelevant. I have used MS OSs for years and let's face it, for PC
desktops, it's the Gold Standard.
What I really don't like is even making EFS an option. IMO, it should
be an add-on you can acquire. It is strong encryption, but it is also
weak, as it is only as strong as the user account password which
protects it - which, for a HUGE majority of home users, means anybody
can access their files since most don't even bother with passwords.
Those that use them don't use very strong ones.
It also has no real purpose on a huge majority of household PCs. This
is DOD (IOW, governmental) level encryption. What state secrets are
all these people protecting? Let's face it, there are so many easier
ways to hide porn collections!
K
Kerry Brown
NobodyMan said:
I just realised I had you mixed up with someone with a similar handle from a
different newsgroup. I guess I'm getting senile
Many people do need encryption. Anyone who contracts or works for the
government may be required to use it. Many corporations require encryption
of sensitive files. It's not available in XP Home which is what most home
users are using. It also won't work for an account with no password. Any
encryption scheme is susceptible to lost keys. It's the nature of the beast.
You are probably right in that it should be something you have to install.
At the very least there should be a mandatory readme explaining the
pitfalls.
Kerry