XP Pro lost its smart card and is no longer with the domain but the user profile is locked out.

ejsky
ejsky used Ask the Experts™
on
I have a XP pro Laptop which is an IBM Lenovo T61. This laptop was part of a domain which I've been no longer part of for a little over a year. I had to still use a smart card to get into the computer but after I had updated AVG 2011 Free edition I had lost my internet, so I removed the AVG by uninstalling it and a AXA program that I didn't relized that was partly used by the smart card then I restarted the system. When it booted backup I didn't have to worry about the smart card any more but when I loged on It was a different profile (like a new profile was created but missing my data and Outlook 2003 was also missing my configuration. And its PSTs. When I explorer I notice the profile with my user data is still in my orignal profile but its marked by a lime green color and when I try to open a File it states I don't have permission to the file. So I reset my file permissions and ownership of the folders and fiiles and still unable to open or move any of the data in lime green color. Anyone knows how to get around this or to really take over the files to make use of them again. Help would be appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
You might have encrypted the files, somehow... Probably domain requirements.  Not sure if they can be unencrypted using the following method if they were set with GP.  Worth a try:

http://www.bidn.com/blogs/DustinRyan/ssis/222/green-file-names-what-in-the-world

Author

Commented:
I see that it is the case of the files are encrypted but they wont allow me to unencrypt them. Is it possible that a GPO is inplace and if so how can I remove this without destory the OS / data files? Or How can I unencrypt them in this case.\? Here is a screen shot showing the files and the failed message
FilesEncrytionMessage.doc

Commented:
Are you certain that your current login username has full control of the files?  Right click on a file in question, click Security > Advanced > Use the Owner and/or Effective Permissions tab to see if the owner is who it is supposed to be and what the effective permissions are for that owner.  
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

Author

Commented:
Here is a updated file with screen shots of the files with its ownership. I'm loged in on the administrator account. But I'll double check on this while you look over this. Thank you for your help.
FilesEncrytionMessage.doc

Author

Commented:
I just tried logging on one of the other profiles with no luck and now the computer is restarting with a quick BSD error 0x0c000022 which I might have a virus that I'm unaware of or its a GPO that thinks there is a hack attack happening.

Commented:
Are you logging into the machine with a domain username and password or a local account?  The username shown in the encryption detail wouldn't happen to be one you have access to login with, even if it's a domain account?  IOW, when you login, is there a domain name to choose or is it just the machine name?
Commented:
Here's the official note in unencrypting a file:

http://support.microsoft.com/kb/308993

Author

Commented:
Its the local machine builtin admin account. and the othe user account that looks like a domain member isn't working. Its no longer been with a domain for a little over a year. I'm only concern in getting the data to decrypt or to be useful. I'm currently creating a full backup just in case I start to losing the partition over this.

Commented:
It's almost 10/19/2010 where I'm at and it's been a long day.  Here's hoping you find a solution, but I'll check back in the morning.

All the best..

Author

Commented:
I come to find out that the system has other issues such as other group polocies in the way but I need to still get to the encrypted data. I did find that I need to look at the Temp folders for possible pieces of data which might point to a hidden Data Recovery agent. Any suggestions would be very well appriecaited. So far the best help has been from lobo797 and thank you. I'm going to keep at it until I find a solution to fully complete this issue but if no one else has anything better than I'll be giving the solution credit to lobo797.

Author

Commented:
http://windows.microsoft.com/en-US/windows-vista/Create-a-recovery-certificate-for-encrypted-files
The link above gave me some more help from Microsoft. If this fails then I'll need to call the company who had set it up and see if they have a backup Data Recovery agent for my old account with them. Thanks

Commented:
It won't do anything to change the encrypted file issue, but is laptop still joined to the domain for any reason?  You can check in right clicking My Computer > Properties > Computer name and see if it's on a domain or in a workgroup.  If it is on a domain and you disjoin back to a workgroup, that should take care of GP's that were applied from a domain.

I would sure try the above recover solution, but it seems to go against the idea of encrypting files.  There's usually a good reason to encrypt and would be only right to not be able to unencrypt easily.  I'm thinking that if the recover certificate is not on the laptop, you'll need to contact the company who set it up.

All the best..

Author

Commented:
I had all  ready tried the disjoining the domin into workgroup but when the system rebooted it had locked me out all together of the whole system by stating it had cancealed a autocheck. I just found out that the company had already wiped my account from their system about 8 months ago.

Author

Commented:
This part of the solution the other part is it will need a code breaker who knows bianary coding and encryptology. Mathimatics would be the other part of this solution which is almost impossible to break.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial