• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2199
  • Last Modified:

Newly Unaccessable Encrypted files in XP pro.

I have some files that were encrypted using the standard (EFS) XP pro encryption.  After installing one of MS's massive security patches (5 actually)  I can not access the files.  I think all of the key files etc are intact, (as is are my profiles) but I can't do anything with the files.  Some other programs have had strange quirks dealing with profiles since that security update.  Is there some way I can manualy tell Windows where to look for the keys which seem to be ok?

Reading over some of the other similar questions, the thing that seems different is that I THINK I have all of the profile information.  I just can't do anything with the files!

Help.
0
Reedber
Asked:
Reedber
  • 8
  • 8
1 Solution
 
LucFCommented:
Assuming you're the administrator: You might want to try to take ownership on the files, and afterwards, give yourself permissions (at least read) to those files. After you've done this, you should be able to open the files again.

LucF
0
 
ReedberAuthor Commented:
I have done that, but unfortunately, it does not let me unencrypt the files, because only the profile that encrypted the files has the keys to unencrypt them.  

And although I HAVE the keys, there is something amiss in the operating system that is telling Windows that I don't.  A registry problem perhaps?

However ownership does let me delete the files...
0
 
LucFCommented:
> because only the profile that encrypted the files has the keys to unencrypt them.  
Not completely true, the administrator should have the same permissions after taking ownership and getting permissions. So I think you have another problem.
try SFC from command prompt (keep your winXP cd nearby in case you'll need it)

LucF
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
ReedberAuthor Commented:
If all the admin profiles could unencrypt another profile's files, then it wouldn't really be encrypted!  :)  The only way I think another profile can unencrypt another user's encrypted files is if the file is shared with them (which I can't do (error 5)) or if that other user is a Data Recovery Agent which is what I'm about to try next, though it doesn't really solve my problem as to why I suddenly need to be doing all of this when everything should be working just fine... :(

?  SFC might be a good idea though...
0
 
LucFCommented:
> If all the admin profiles could unencrypt another profile's files, then it wouldn't really be encrypted!
Only the highest administrator in a domain should be able to do this. This is automatically done to prevent data-loss for a company in case a person leaves the company.

LucF
0
 
LucFCommented:
> or if that other user is a Data Recovery Agent
The highest administrator in the domain is by default a Data Recovery Agent
0
 
ReedberAuthor Commented:
>The highest administrator in the domain is by default a Data Recovery Agent

Not in XP Pro.  They changed that for security reasons.  Now the default is to have no DAR.  Unfortunately for me.
0
 
ReedberAuthor Commented:
Here is MS's description of the XP Pro versus Win2000 settings for DAR...  It's almost the opposite.

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/reskit/prnb_efs_ayqu.asp
0
 
LucFCommented:
Ok, I'm sorry, I'm a win2k guy, so I didn't know they changed that in winXP (wich I don't use, not at home and not at my work) ThanQ for this information

So you already gave the answer (I think) yourself, create a DRA.

> though it doesn't really solve my problem as to why I suddenly need to be doing all of this when everything should be working just fine...
Something must have gone wrong with the security updates, have you tried looking at the specs on those security updates if they note anything on encrypted files?

LucF
0
 
ReedberAuthor Commented:
UPDATE:

I just created a DRA, and still can not access those files that were created with the busted key.  I can access other encrypted files created AFTER the update both with the profile AND with the new DRA... AARGGHHH!!!

I can see that I have multiple key files for that profile (which I shouldn't), I just don't know how to USE them!
0
 
LucFCommented:
Maybe an idea, not sure, have you tried uninstalling those security patches?

> I can see that I have multiple key files for that profile
Never seen that happen, I personnaly never needed a DRA, is there no way you can change the priority of those keys?

I have to say I'm really out of ideas at the moment.

LucF
0
 
LucFCommented:
I may have found something for you (after a long while)

Advanced EFS Data Recovery 1.30

Is a program to recover/decrypt files encrypted on NTFS (EFS) partitions created in Windows 2000 and Windows XP.
Files are being decrypted even in a case when the system is not bootable and so you cannot log on,
and/or some encryption keys have been tampered. AEFSDR effectively decrypts the files protected under
Windows XP (including Service Pack 1) and all versions of Windows 2000 (including Service Packs 1/2/3/4).
http://www.softempire.com/advanced-efs-data-recovery.html

Hope you didn't format the drive yet...

LucF
0
 
ReedberAuthor Commented:
Thanks for the information.  It kind of makes it pointless to USE the encryption if you can just buy some off-the-shelf software to break it.  

But anyway, I did a system roll back to the day before I installed all the MS Security patches, and VOILA, all my files were readable.  I copied them, rolled forward, and now I never use MS's encryption and I don't recommend anyone else does either.  What a nightmare.  

-R
0
 
ReedberAuthor Commented:
Yes, the real problem is MS, and I'm afraid that's unfixable.  

But I am giving you the points because that program would have worked!  (And besides, who else am I going to give them too!  :)

Thanks for sticking in there LucF!
0
 
LucFCommented:
>>It kind of makes it pointless to USE the encryption if you can just buy some off-the-shelf software to break it.<<
I also never thought I would be able to find something like that...

At least I'm glad you solved your problem (how can a stupid Security Patch cause so much problems???)

>>Thanks for sticking in there
You're welcome, I don't like keeping questions open.

Take care,

LucF
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 8
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now