  Rexter YeeHaw
join:2002-11-17 cloud 9
| [XPPro] Encrypted files no longer accessible
A few months ago I noticed that some documents, PDFs and Office documents, were suddenly being encrypted. I noticed because the font turned green on the filename. I don't know why these files were being encrypted, as I didn't do it. I didn't really worry about it. I was able to access them just fine. I filed it in the back of my head to investigate another day. Well, because all was working fine, I never got around to looking further into it. Well, the time has come. As of yesterday, I can no longer access these files. Adobe and Office attempt to open the files, but they can't, saying access denied. If I go to properties and look under attributes, I see the encrypted option is checked, but my user has full control in the permissions. If I try to uncheck encrypt and apply, it says access denied. What's going on here? The certificate info says I should have transparent access to the file.
-- With every new wave of optimism, or pessimism, we are ready to abandon history, and time tested principles, but we cling tenaciously and unquestioningly to our prejudices. (Benjamin Graham) |
|
  Rexter YeeHaw
join:2002-11-17 cloud 9 | I don't know much about Windows EFS, but I'm thinking my private keys may be lost somewhere. |
|
  Bigzizzzle Premium join:2005-01-27 Franklin, TN
| reply to Rexter Any other users on the local machine, perhaps another admin account? Can you show a pic of the user permissions? Sadly, the key is your user/password. Do you use any other encryption apps or stuff? Perhaps using the cipher.exe command line might work in case of a GUI issue. Are you all patched up? Are you using XP Pro or Vista?
EFS info here: »technet.microsoft.com/en-us/libr···811.aspx
»support.microsoft.com/default.as···&sd=tech
Perhaps reapply your security permissions to your user.
Cipher.exe command line usage : »articles.techrepublic.com.com/51···732.html |
|
  Rexter YeeHaw
join:2002-11-17 cloud 9 | Thanks for taking the time to post. See my next post, I'm pretty sure that the PFX cert is missing. |
|
  Rexter YeeHaw
join:2002-11-17 cloud 9
| reply to Rexter Ok, I've been doing lots of reading on EFS, and how the keys work. I notice that there are some files in green font that I can open, and others that I can't. Looking at the encrypt attribute, under Details, it says the following users have transparent access. My user is listed in this area, on both the files I can access and the files that I can't access, but the certificate thumbprint is different. My theory is that registry corruption occurred, and my PFX cert was lost. Windows created a new PFX cert for my user, so I no longer have the private key to open the older encrypted files.
Here's my plan. I'm going to unencrypt all the files that I can, turning off the encryption attribute wherever I can. Then I'll save or export the current PFX key, just in case I miss a few recently encrypted files. Next I'll perform a system restore, to a point before I lost access to the files. I'm hoping this will restore the old PFX key, allowing me to unencrypt the older files.
Any thoughts on if this will be successful? |
|
  Matt Take me down to the paradise city Premium join:2003-07-20 Jamestown, NC | reply to Rexter I know it's too late, but this is why I don't use EFS unless it's a domain connected machine. In that situation, the domain admin account can decrypt any file so you have a safeguard. I wish I had a fix for you, but I've been bitten by this too. |
|
  Rexter YeeHaw
join:2002-11-17 cloud 9
| reply to Rexter I did a restore to several restore points, dating all the way back to June 6th. I was still unable to access the encrypted files. So this must mean that the certificate is not part of the system restore.
Isn't it true that the administrator user should, by default, be a recovery agent? |
|
  Matt Take me down to the paradise city Premium join:2003-07-20 Jamestown, NC
·North State Commun..
| said by Rexter: "Isn't it true that the administrator user should, by default, be a recovery agent?"
The DOMAIN administrator. Not the local administrator, unfortunately. |
|
  Rexter YeeHaw
join:2002-11-17 cloud 9
| Ah crap!
I spoke to a data recovery specialist today. He said short of a Government agency, a supercomputer, and $12M you can't break this encryption.
But then I found this software. Do you think there is any chance that it would actually do what I need? »www.elcomsoft.com/aefsdr.html |
|
  Matt Take me down to the paradise city Premium join:2003-07-20 Jamestown, NC
·North State Commun..
1 edit | I have my doubts due to some of the wording on that site. If it were really that easy, what would the point of EFS be? EFS was designed so another user can't take a file to another computer and decrypt it. The part that has me unsure is that it states that "even when some encryption keys have been tampered with" which leads me to believe it at least needs a partial encryption key.
Regardless, I would contact them and explain your situation and see what they say. It is a Microsoft product, so it's completely possible there is a hole that they have found in EFS and have chosen to write a product around it rather than disclose it. If they tell you it will work and they have any confidence in their product, they should offer you some sort of guarantee. If not, I'd decline to pay $250 to find out that it doesn't work. |
|