Solved

Newly Unaccessable Encrypted files in XP pro.

Posted on 2003-10-28
16
2,196 Views
Last Modified: 2010-04-11
I have some files that were encrypted using the standard (EFS) XP pro encryption.  After installing one of MS's massive security patches (5 actually)  I can not access the files.  I think all of the key files etc are intact, (as is are my profiles) but I can't do anything with the files.  Some other programs have had strange quirks dealing with profiles since that security update.  Is there some way I can manualy tell Windows where to look for the keys which seem to be ok?

Reading over some of the other similar questions, the thing that seems different is that I THINK I have all of the profile information.  I just can't do anything with the files!

Help.
0
Comment
Question by:Reedber
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 8
16 Comments
 
LVL 32

Expert Comment

by:LucF
ID: 9633199
Assuming you're the administrator: You might want to try to take ownership on the files, and afterwards, give yourself permissions (at least read) to those files. After you've done this, you should be able to open the files again.

LucF
0
 

Author Comment

by:Reedber
ID: 9633278
I have done that, but unfortunately, it does not let me unencrypt the files, because only the profile that encrypted the files has the keys to unencrypt them.  

And although I HAVE the keys, there is something amiss in the operating system that is telling Windows that I don't.  A registry problem perhaps?

However ownership does let me delete the files...
0
 
LVL 32

Expert Comment

by:LucF
ID: 9633385
> because only the profile that encrypted the files has the keys to unencrypt them.  
Not completely true, the administrator should have the same permissions after taking ownership and getting permissions. So I think you have another problem.
try SFC from command prompt (keep your winXP cd nearby in case you'll need it)

LucF
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 

Author Comment

by:Reedber
ID: 9633510
If all the admin profiles could unencrypt another profile's files, then it wouldn't really be encrypted!  :)  The only way I think another profile can unencrypt another user's encrypted files is if the file is shared with them (which I can't do (error 5)) or if that other user is a Data Recovery Agent which is what I'm about to try next, though it doesn't really solve my problem as to why I suddenly need to be doing all of this when everything should be working just fine... :(

?  SFC might be a good idea though...
0
 
LVL 32

Expert Comment

by:LucF
ID: 9633615
> If all the admin profiles could unencrypt another profile's files, then it wouldn't really be encrypted!
Only the highest administrator in a domain should be able to do this. This is automatically done to prevent data-loss for a company in case a person leaves the company.

LucF
0
 
LVL 32

Expert Comment

by:LucF
ID: 9633626
> or if that other user is a Data Recovery Agent
The highest administrator in the domain is by default a Data Recovery Agent
0
 

Author Comment

by:Reedber
ID: 9633911
>The highest administrator in the domain is by default a Data Recovery Agent

Not in XP Pro.  They changed that for security reasons.  Now the default is to have no DAR.  Unfortunately for me.
0
 

Author Comment

by:Reedber
ID: 9633926
Here is MS's description of the XP Pro versus Win2000 settings for DAR...  It's almost the opposite.

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/reskit/prnb_efs_ayqu.asp
0
 
LVL 32

Expert Comment

by:LucF
ID: 9634177
Ok, I'm sorry, I'm a win2k guy, so I didn't know they changed that in winXP (wich I don't use, not at home and not at my work) ThanQ for this information

So you already gave the answer (I think) yourself, create a DRA.

> though it doesn't really solve my problem as to why I suddenly need to be doing all of this when everything should be working just fine...
Something must have gone wrong with the security updates, have you tried looking at the specs on those security updates if they note anything on encrypted files?

LucF
0
 

Author Comment

by:Reedber
ID: 9634332
UPDATE:

I just created a DRA, and still can not access those files that were created with the busted key.  I can access other encrypted files created AFTER the update both with the profile AND with the new DRA... AARGGHHH!!!

I can see that I have multiple key files for that profile (which I shouldn't), I just don't know how to USE them!
0
 
LVL 32

Expert Comment

by:LucF
ID: 9634450
Maybe an idea, not sure, have you tried uninstalling those security patches?

> I can see that I have multiple key files for that profile
Never seen that happen, I personnaly never needed a DRA, is there no way you can change the priority of those keys?

I have to say I'm really out of ideas at the moment.

LucF
0
 
LVL 32

Accepted Solution

by:
LucF earned 125 total points
ID: 10254073
I may have found something for you (after a long while)

Advanced EFS Data Recovery 1.30

Is a program to recover/decrypt files encrypted on NTFS (EFS) partitions created in Windows 2000 and Windows XP.
Files are being decrypted even in a case when the system is not bootable and so you cannot log on,
and/or some encryption keys have been tampered. AEFSDR effectively decrypts the files protected under
Windows XP (including Service Pack 1) and all versions of Windows 2000 (including Service Packs 1/2/3/4).
http://www.softempire.com/advanced-efs-data-recovery.html

Hope you didn't format the drive yet...

LucF
0
 

Author Comment

by:Reedber
ID: 10297408
Thanks for the information.  It kind of makes it pointless to USE the encryption if you can just buy some off-the-shelf software to break it.  

But anyway, I did a system roll back to the day before I installed all the MS Security patches, and VOILA, all my files were readable.  I copied them, rolled forward, and now I never use MS's encryption and I don't recommend anyone else does either.  What a nightmare.  

-R
0
 

Author Comment

by:Reedber
ID: 10297437
Yes, the real problem is MS, and I'm afraid that's unfixable.  

But I am giving you the points because that program would have worked!  (And besides, who else am I going to give them too!  :)

Thanks for sticking in there LucF!
0
 
LVL 32

Expert Comment

by:LucF
ID: 10297513
>>It kind of makes it pointless to USE the encryption if you can just buy some off-the-shelf software to break it.<<
I also never thought I would be able to find something like that...

At least I'm glad you solved your problem (how can a stupid Security Patch cause so much problems???)

>>Thanks for sticking in there
You're welcome, I don't like keeping questions open.

Take care,

LucF
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question