D
David H. Lipman
We are on an Active Directory Domain.
Recently, through Group Policy enforcement, EFS has been pushed to our users on notebooks.
Generally speaking things have gone well. However one of my users has run into a negative
consequence.
One of my users complained that he could no longer access one of his MS Outlook Archive
folders.
Examination found the 1.38GB to exist and Outlook was properly pointing to it. At first
it was thought that it was damaged so I ran the InBox Repair Tool. It indicated the PST
was Read-Only. When I examined the PST it did not have the Read-Only attribute but it was
encrypted. Under the end-user's account I tried to decrypt the file but I got "Access
Denied". All other PST files in the same folder (and all other data files for that
matter) were encrypted but the end-user had no problems opening any of them EXCEPT this
one 1.38GB PST file. [ a high crucial file! ]
Further examination showed a Domain service account attached to the file as
"svc.EFSRecovery.locale" (name obfuscated). I contacted the central organization
responsible for the Domain and they sent someone out to look at the end-user's PC and that
person spent 3 hours with no progress.
What went wrong with this one file ?
Can it be recovered ?
Can it be decrypted/re-encrypted using the user's account based certificate ?
Recently, through Group Policy enforcement, EFS has been pushed to our users on notebooks.
Generally speaking things have gone well. However one of my users has run into a negative
consequence.
One of my users complained that he could no longer access one of his MS Outlook Archive
folders.
Examination found the 1.38GB to exist and Outlook was properly pointing to it. At first
it was thought that it was damaged so I ran the InBox Repair Tool. It indicated the PST
was Read-Only. When I examined the PST it did not have the Read-Only attribute but it was
encrypted. Under the end-user's account I tried to decrypt the file but I got "Access
Denied". All other PST files in the same folder (and all other data files for that
matter) were encrypted but the end-user had no problems opening any of them EXCEPT this
one 1.38GB PST file. [ a high crucial file! ]
Further examination showed a Domain service account attached to the file as
"svc.EFSRecovery.locale" (name obfuscated). I contacted the central organization
responsible for the Domain and they sent someone out to look at the end-user's PC and that
person spent 3 hours with no progress.
What went wrong with this one file ?
Can it be recovered ?
Can it be decrypted/re-encrypted using the user's account based certificate ?