Solved

Newly Unaccessable Encrypted files in XP pro.

Posted on 2003-10-28
16
2,193 Views
Last Modified: 2010-04-11
I have some files that were encrypted using the standard (EFS) XP pro encryption.  After installing one of MS's massive security patches (5 actually)  I can not access the files.  I think all of the key files etc are intact, (as is are my profiles) but I can't do anything with the files.  Some other programs have had strange quirks dealing with profiles since that security update.  Is there some way I can manualy tell Windows where to look for the keys which seem to be ok?

Reading over some of the other similar questions, the thing that seems different is that I THINK I have all of the profile information.  I just can't do anything with the files!

Help.
0
Comment
Question by:Reedber
  • 8
  • 8
16 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9633199
Assuming you're the administrator: You might want to try to take ownership on the files, and afterwards, give yourself permissions (at least read) to those files. After you've done this, you should be able to open the files again.

LucF
0
 

Author Comment

by:Reedber
ID: 9633278
I have done that, but unfortunately, it does not let me unencrypt the files, because only the profile that encrypted the files has the keys to unencrypt them.  

And although I HAVE the keys, there is something amiss in the operating system that is telling Windows that I don't.  A registry problem perhaps?

However ownership does let me delete the files...
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9633385
> because only the profile that encrypted the files has the keys to unencrypt them.  
Not completely true, the administrator should have the same permissions after taking ownership and getting permissions. So I think you have another problem.
try SFC from command prompt (keep your winXP cd nearby in case you'll need it)

LucF
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:Reedber
ID: 9633510
If all the admin profiles could unencrypt another profile's files, then it wouldn't really be encrypted!  :)  The only way I think another profile can unencrypt another user's encrypted files is if the file is shared with them (which I can't do (error 5)) or if that other user is a Data Recovery Agent which is what I'm about to try next, though it doesn't really solve my problem as to why I suddenly need to be doing all of this when everything should be working just fine... :(

?  SFC might be a good idea though...
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9633615
> If all the admin profiles could unencrypt another profile's files, then it wouldn't really be encrypted!
Only the highest administrator in a domain should be able to do this. This is automatically done to prevent data-loss for a company in case a person leaves the company.

LucF
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9633626
> or if that other user is a Data Recovery Agent
The highest administrator in the domain is by default a Data Recovery Agent
0
 

Author Comment

by:Reedber
ID: 9633911
>The highest administrator in the domain is by default a Data Recovery Agent

Not in XP Pro.  They changed that for security reasons.  Now the default is to have no DAR.  Unfortunately for me.
0
 

Author Comment

by:Reedber
ID: 9633926
Here is MS's description of the XP Pro versus Win2000 settings for DAR...  It's almost the opposite.

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/reskit/prnb_efs_ayqu.asp
0
 

Author Comment

by:Reedber
ID: 9633966
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9634177
Ok, I'm sorry, I'm a win2k guy, so I didn't know they changed that in winXP (wich I don't use, not at home and not at my work) ThanQ for this information

So you already gave the answer (I think) yourself, create a DRA.

> though it doesn't really solve my problem as to why I suddenly need to be doing all of this when everything should be working just fine...
Something must have gone wrong with the security updates, have you tried looking at the specs on those security updates if they note anything on encrypted files?

LucF
0
 

Author Comment

by:Reedber
ID: 9634332
UPDATE:

I just created a DRA, and still can not access those files that were created with the busted key.  I can access other encrypted files created AFTER the update both with the profile AND with the new DRA... AARGGHHH!!!

I can see that I have multiple key files for that profile (which I shouldn't), I just don't know how to USE them!
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9634450
Maybe an idea, not sure, have you tried uninstalling those security patches?

> I can see that I have multiple key files for that profile
Never seen that happen, I personnaly never needed a DRA, is there no way you can change the priority of those keys?

I have to say I'm really out of ideas at the moment.

LucF
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 125 total points
ID: 10254073
I may have found something for you (after a long while)

Advanced EFS Data Recovery 1.30

Is a program to recover/decrypt files encrypted on NTFS (EFS) partitions created in Windows 2000 and Windows XP.
Files are being decrypted even in a case when the system is not bootable and so you cannot log on,
and/or some encryption keys have been tampered. AEFSDR effectively decrypts the files protected under
Windows XP (including Service Pack 1) and all versions of Windows 2000 (including Service Packs 1/2/3/4).
http://www.softempire.com/advanced-efs-data-recovery.html

Hope you didn't format the drive yet...

LucF
0
 

Author Comment

by:Reedber
ID: 10297408
Thanks for the information.  It kind of makes it pointless to USE the encryption if you can just buy some off-the-shelf software to break it.  

But anyway, I did a system roll back to the day before I installed all the MS Security patches, and VOILA, all my files were readable.  I copied them, rolled forward, and now I never use MS's encryption and I don't recommend anyone else does either.  What a nightmare.  

-R
0
 

Author Comment

by:Reedber
ID: 10297437
Yes, the real problem is MS, and I'm afraid that's unfixable.  

But I am giving you the points because that program would have worked!  (And besides, who else am I going to give them too!  :)

Thanks for sticking in there LucF!
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10297513
>>It kind of makes it pointless to USE the encryption if you can just buy some off-the-shelf software to break it.<<
I also never thought I would be able to find something like that...

At least I'm glad you solved your problem (how can a stupid Security Patch cause so much problems???)

>>Thanks for sticking in there
You're welcome, I don't like keeping questions open.

Take care,

LucF
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is CEO Fraud? 8 87
how can I resolve Threat Has Been Detected message by AVAST? 4 62
7 camera surveillance system hacked 6 51
Network Security Solution 7 44
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now