Windows XP -- encrypt, decrypt -- I am in deep TROUBLE -- HELP!!

[Guest]

Hmm.. when you lose your data including all the pics, video, taxes etc. etc.
I would love to hear how would you spell and talk! No you did not try to
understand. Finally someone posted a decent technical reply. THANKS!

 

[johnny]

Obligatory Microsoft bashing noted.


Let's review:

" I thought let's encrypt the data -- enabled on my sensitive data folder.
Looked all easy and nice."

So far, so good.

"Password change -- don't remember what the password was when I did encrypt"

You *forgot* your password.

Awwwww, poor thing.

He didn't say he lost his password. It could be a glitch from a
Microsoft update. I've have some stuff stop working after an update but I
haven't used the EFS yet. Even so, this guy should've backed up his files
before encryption and put that backup into a secure place if his data is
highly valued.

 

[relic]

He didn't say he lost his password. It could be a glitch from a
Microsoft update. I've have some stuff stop working after an update
but I haven't used the EFS yet. Even so, this guy should've backed up
his files before encryption and put that backup into a secure place
if his data is highly valued.

Actually, all he had to do was follow the instructions from Microsoft on
Encryption usage.

 

[Allan Hill]

He didn't say he lost his password.

Yeah, he did.


If you ever learn to read, feel free to post once again.

 

[johnny]

Yeah, he did.



If you ever learn to read, feel free to post once again.

I see - you never make mistakes? Yeah, right. Next time you feel like
replying leave your crappy attitude checked at the door.

 

[Guest]

Johny thanks for the support.

Guys -- please read my detailed analysis email on this issue.
I recovered the password but no data.

Luckily I had decrypted data backed up but lost some data which was not that
important. So I was saved.

Password was not changed because I wanted -- XP asked me to change password.

Even paid MS support could not solve the problem.

Moved on to MAC. Ordered iMAC 20" this weekend.

My rant -- looks like it was not justified by some of you -- was about
design of this feature. Read my 2nd post carefully before jumping into
spelling, language, attitude etc. which brings out the mob-mentality and the
real concern gets lost.

 

[Guest]

Suzi,
Don't know what you are trying to do with 3 replies. Read my 2nd post.

 

[Guest]

Will is right, there is an issue here. He only changed his password because
he was prompted to. Changing passwords every so often is a recommended
security feature. If he changed his password when prompted and it did not
apply to the files or folders that he encrypted, there is indeed a Microsoft
issue to be dealt with.

I'm just beginning to look into encrypted folders or entire drives and am
trying to research issues like this so I'll know how to deal with it.

One rebuke was enough - the other personal attacks seemed like piling on to
me.

 

[Patrick Keenan]

Will is right, there is an issue here. He only changed his password
because
he was prompted to. Changing passwords every so often is a recommended
security feature. If he changed his password when prompted and it did not
apply to the files or folders that he encrypted, there is indeed a
Microsoft
issue to be dealt with.

I'm just beginning to look into encrypted folders or entire drives and am
trying to research issues like this so I'll know how to deal with it.

Changing the password from within the account should not affect encrypted
files, though it would be a good idea to re-export certificates. It's the
only safe way to change the password.

Changing the password from *outside* the account (i.e, from users in another
Admin acccount or a password removal tool) is pretty much guaranteed to
break access to encrypted files and folder.

I don't find any posts with this title and there are no references here, so
I can't comment on the original, but when using EFS it is critical to
complete the job and export the certificates, *and test them*. Store
copies of the certificates offsite on non-decaying media.

HTH
-pk

 

[Guest]

These are the kinds of issues, answers and suggestions I came here looking
for. Thanks for your reply.

 

[John Wunderlich]

Will is right, there is an issue here. He only changed his
password because he was prompted to. Changing passwords every so
often is a recommended security feature. If he changed his
password when prompted and it did not apply to the files or
folders that he encrypted, there is indeed a Microsoft issue to be
dealt with.

I'm just beginning to look into encrypted folders or entire drives
and am trying to research issues like this so I'll know how to
deal with it.

One rebuke was enough - the other personal attacks seemed like
piling on to me.

"You cannot access EFS files after you change the user password to a
new password on a Windows XP Service Pack 2-based computer"
<http://support.microsoft.com/kb/890951/en-us>

"EFS, Credentials, and Private Keys from Certificates Are Unavailable
After a Password Is Reset"
<http://support.microsoft.com/kb/290260/en-us>

"User cannot gain access to certificate functionality after password
change or when using a roaming profile"
<http://support.microsoft.com/kb/331333/en-us>

HTH,
John

 

[Patrick Keenan]

These are the kinds of issues, answers and suggestions I came here looking
for. Thanks for your reply.

You're welcome. It's important to read and understand all of the material
on EFS if you're going to use it successfully and safely.

Most of the time people post regarding EFS, it's a story without a happy
ending.

MS did a great job of making strong encryption available, but perhaps not so
great a job at making the implications and data-safety requirements and
practices clear. Worse, you don't *have* to back up the certificates as
part of the process. This means that encrypted data is instantly
vulnerable.

-pk