Newly Unaccessable Encrypted files in XP pro.

I have some files that were encrypted using the standard (EFS) XP pro encryption.  After installing one of MS's massive security patches (5 actually)  I can not access the files.  I think all of the key files etc are intact, (as is are my profiles) but I can't do anything with the files.  Some other programs have had strange quirks dealing with profiles since that security update.  Is there some way I can manualy tell Windows where to look for the keys which seem to be ok?

Reading over some of the other similar questions, the thing that seems different is that I THINK I have all of the profile information.  I just can't do anything with the files!

Help.
ReedberAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LucFEMEA Server EngineerCommented:
Assuming you're the administrator: You might want to try to take ownership on the files, and afterwards, give yourself permissions (at least read) to those files. After you've done this, you should be able to open the files again.

LucF
0
ReedberAuthor Commented:
I have done that, but unfortunately, it does not let me unencrypt the files, because only the profile that encrypted the files has the keys to unencrypt them.  

And although I HAVE the keys, there is something amiss in the operating system that is telling Windows that I don't.  A registry problem perhaps?

However ownership does let me delete the files...
0
LucFEMEA Server EngineerCommented:
> because only the profile that encrypted the files has the keys to unencrypt them.  
Not completely true, the administrator should have the same permissions after taking ownership and getting permissions. So I think you have another problem.
try SFC from command prompt (keep your winXP cd nearby in case you'll need it)

LucF
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

ReedberAuthor Commented:
If all the admin profiles could unencrypt another profile's files, then it wouldn't really be encrypted!  :)  The only way I think another profile can unencrypt another user's encrypted files is if the file is shared with them (which I can't do (error 5)) or if that other user is a Data Recovery Agent which is what I'm about to try next, though it doesn't really solve my problem as to why I suddenly need to be doing all of this when everything should be working just fine... :(

?  SFC might be a good idea though...
0
LucFEMEA Server EngineerCommented:
> If all the admin profiles could unencrypt another profile's files, then it wouldn't really be encrypted!
Only the highest administrator in a domain should be able to do this. This is automatically done to prevent data-loss for a company in case a person leaves the company.

LucF
0
LucFEMEA Server EngineerCommented:
> or if that other user is a Data Recovery Agent
The highest administrator in the domain is by default a Data Recovery Agent
0
ReedberAuthor Commented:
>The highest administrator in the domain is by default a Data Recovery Agent

Not in XP Pro.  They changed that for security reasons.  Now the default is to have no DAR.  Unfortunately for me.
0
ReedberAuthor Commented:
Here is MS's description of the XP Pro versus Win2000 settings for DAR...  It's almost the opposite.

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/reskit/prnb_efs_ayqu.asp
0
LucFEMEA Server EngineerCommented:
Ok, I'm sorry, I'm a win2k guy, so I didn't know they changed that in winXP (wich I don't use, not at home and not at my work) ThanQ for this information

So you already gave the answer (I think) yourself, create a DRA.

> though it doesn't really solve my problem as to why I suddenly need to be doing all of this when everything should be working just fine...
Something must have gone wrong with the security updates, have you tried looking at the specs on those security updates if they note anything on encrypted files?

LucF
0
ReedberAuthor Commented:
UPDATE:

I just created a DRA, and still can not access those files that were created with the busted key.  I can access other encrypted files created AFTER the update both with the profile AND with the new DRA... AARGGHHH!!!

I can see that I have multiple key files for that profile (which I shouldn't), I just don't know how to USE them!
0
LucFEMEA Server EngineerCommented:
Maybe an idea, not sure, have you tried uninstalling those security patches?

> I can see that I have multiple key files for that profile
Never seen that happen, I personnaly never needed a DRA, is there no way you can change the priority of those keys?

I have to say I'm really out of ideas at the moment.

LucF
0
LucFEMEA Server EngineerCommented:
I may have found something for you (after a long while)

Advanced EFS Data Recovery 1.30

Is a program to recover/decrypt files encrypted on NTFS (EFS) partitions created in Windows 2000 and Windows XP.
Files are being decrypted even in a case when the system is not bootable and so you cannot log on,
and/or some encryption keys have been tampered. AEFSDR effectively decrypts the files protected under
Windows XP (including Service Pack 1) and all versions of Windows 2000 (including Service Packs 1/2/3/4).
http://www.softempire.com/advanced-efs-data-recovery.html

Hope you didn't format the drive yet...

LucF
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ReedberAuthor Commented:
Thanks for the information.  It kind of makes it pointless to USE the encryption if you can just buy some off-the-shelf software to break it.  

But anyway, I did a system roll back to the day before I installed all the MS Security patches, and VOILA, all my files were readable.  I copied them, rolled forward, and now I never use MS's encryption and I don't recommend anyone else does either.  What a nightmare.  

-R
0
ReedberAuthor Commented:
Yes, the real problem is MS, and I'm afraid that's unfixable.  

But I am giving you the points because that program would have worked!  (And besides, who else am I going to give them too!  :)

Thanks for sticking in there LucF!
0
LucFEMEA Server EngineerCommented:
>>It kind of makes it pointless to USE the encryption if you can just buy some off-the-shelf software to break it.<<
I also never thought I would be able to find something like that...

At least I'm glad you solved your problem (how can a stupid Security Patch cause so much problems???)

>>Thanks for sticking in there
You're welcome, I don't like keeping questions open.

Take care,

LucF
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.