EFS Certificate Needed

Subject: EFS Certificate Needed
Author: HonoredWriter
Date: 10-23-2007
Posted by HonoredWriter on October 25, 2007, 6:15 am
Dear Roger;
....But all is well now and everything is alright. I have gained some more
knowledge. Thanks. I guess we can put this bippy to bed now. See ya. It has
been a pleasure....
--
HonoredWriter


"Roger Abell [MVP]" wrote:

> Oh my! I have to admit that I have no clue why what you report
> happened, i.e. that the EFS files were in the clear once moved
> to the recycle bin, or why a restore was failing due to their being
> present for that matter. Normally, a backup and restore of an EFS
> encrypted file is one of the main ways to move it between systems
> without disturbing its state as an EFS encrypted file. That these
> were in the clear after only moving them to the recycle bin seems
> to indicate that the account you were using had the proper EFS key
> needed for decryption (otherwise decryption is impossible).
>
> Roger
>
> > Dear Roger;
> > Thanks again for those words of wisdom. And once again you have filled my
> > plate and my cup. Thanks.
> >
> > I noticed one oddity though. When I was reloading the backup files, I could
> > not load some of them because the encrypted files were still present. I
> > delegated those encrypted files to the recycle bin. So when I was finished
> > with all of the transferring and sending to the recycle bin, I wanted to see
> > what had happened to all of the encrypted files I put in the recycle bin,
> > and, lo and behold, they were not encrypted anymore but in plain text. Since
> > I went through the hassle of cataloging and restoring saved files, I decided
> > to call it a night (morning?) and just emptied the thing. I can live with
> > that.
> >
> > --
> > HonoredWriter
> >
> >
> > "Roger Abell [MVP]" wrote:
> >
> >> Backup and save on non-degrading media the EFS DRA .pfx file
> >> and try to remember its password. That is without doubt the first
> >> and most important thing you can do once a DRA has been defined.
> >>
> >> For EFS encrypted files in the absence of a DRA, the .pfx on a
> >> per user basis can allow for that user being able to get to their
> >> EFS encrypted files after a disaster (reformat/install).
> >>
> >> Roger
> >>
> >> > Dear GreenieLeBrun;
> >> > Thanks for the information. Some of which I have read. Thanks to all of you
> >> > guys for your assistance. The other major thing I did to help myself was to
> >> > make a backup DVD, so I now have a copy of some of the files, not all, to
> >> > restore. For sure I will follow "Windows Recommendations". Thanks.
> >> > --
> >> > HonoredWriter
> >> >
> >> >
> >> > "GreenieLeBrun" wrote:
> >> >
> >> >>
> >> >>
> >> >> HonoredWriter wrote:
> >> >> > Dear Brian and Roger;
> >> >> > The certificates I have were recently installed days after the files
> >> >> > were encrypted. And I think that I am in a no win situation, because I
> >> >> > re-installed Windows after the encryption. I should have deciphered
> >> >> > the files prior to re-installing Windows. The keys have probably been
> >> >> > discarded/changed. Also I changed the name of the User. It was
> >> >> > foolish of me to believe that I could decrypt files after I had
> >> >> > re-installed Windows. The files were not deleted because they are
> >> >> > located on another drive and partition. I was pulling for straws by
> >> >> > assuming I could use another certificate to decipher the files. Me
> >> >> > think I will keep one or two of them on my system to remind me what
> >> >> > not to do (smile). Thanks for all of your good help with the sharing
> >> >> > of your knowledge. It is amazing how much smarter one gets when one
> >> >> > makes a foolish mistake. "If any man thinks he is wise let him become
> >> >> > a fool so he can become wise."
> >> >> > Thanks for your assistance.
> >> >> >
> >> >> >> One may generate an EFS recovery agent .pfx by use of
> >> >> >> the cipher utility with the /r option. See cipher /?
> >> >> >> After being installed, that recovery agent will only have
> >> >> >> decrypt capabilities on files EFS-touched afterwards.
> >> >> >>
> >> >> >> If you believe you already have a recovery agent set up
> >> >> >> and it is unable to decrypt EFS files, then you probably
> >> >> >> need to use the efsinfo utility to examine the thumbprint
> >> >> >> of the files that may not be decrypted, verify that the
> >> >> >> account from which you attempt actually has the recovery
> >> >> >> agent private key installed within it, etc.
> >> >> >>
> >> >> >> Why is it that you say
> >> >> >>> The certificates I have are not worthy to be Recovery Agent
> >> >> >>> certificates even though their intended purposes are clearly
> >> >> >>> stated.
> >> >> >> ?? What is it that you are seeing and how? How are you
> >> >> >> attempting to use this (these?) ?
> >> >> >>
> >> >> >>
> >> >> >>> How do I obtain a Recovery Agent certificate to
> >> >> >>> recover/restore/decrypt some previously encrypted files? The
> >> >> >>> certificates I have are not worthy to be Recovery Agent certificates
> >> >> >>> even though their intended purposes are clearly stated. ( Shucks, I'm
> >> >> >>> thinking this computer has intuitive intelligence.)
> >> >> >>> --
> >> >> >>> HonoredWriter
> >> >>
> >> >> If you re-installed Windows AFTER the files were encrypted then, I am
> >> >> afraid, you are out of luck as the SID (Security Identifier) will have
> >> >> changed (see http://en.wikipedia.org/wiki/Security_Identifier)
> >> >>
> >> >> You may like to peruse the following links for more information on the EFS
> >> >>
> >> >> The Encrypting File System
> >> >> http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx
> >> >>
> >> >> Best practices for the Encrypting File System
> >> >> http://support.microsoft.com/kb/223316/en-us
> >> >>
> >> >> How to back up the recovery agent Encrypting File System (EFS) private key
> >> >> in Windows Server 2003, in Windows 2000, and in Windows XP
> >> >> http://support.microsoft.com/kb/241201
> >> >>
> >> >> How To Encrypt a Folder in Windows XP
> >> >> http://support.microsoft.com/?id=308989
> >> >>
> >> >> How To Remove File Encryption in Windows XP
> >> >> http://support.microsoft.com/?id=308993
> >> >>
> >> >> How To Encrypt a File in Windows XP
> >> >> http://support.microsoft.com/?id=307877
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
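
The thumbprint check Roger describes in the quoted reply (compare the certificate thumbprints recorded on a file that will not decrypt with the private keys actually installed in the account), as an added example that is not part of the original thread. It assumes Windows Vista or later, where `cipher /c` reports the thumbprints that the XP-era efsinfo utility showed, English-language cipher output, PowerShell 3.0 or later, and a hypothetical file path.

```powershell
# Added example (not from the thread). Assumptions: English-language output of
# `cipher /c`, PowerShell 3.0+, and a hypothetical sample path.
param(
    [string]$Path = 'D:\Data\report.doc'   # hypothetical EFS-encrypted file
)

# 1. Thumbprints stored in the file's EFS metadata (users and recovery agents).
#    cipher prints them as space-separated groups of hex digits.
$section = 'Unknown'
$onFile = foreach ($line in (cipher.exe /c $Path)) {
    if     ($line -match 'Users who can decrypt') { $section = 'User' }
    elseif ($line -match 'Recovery Certificates') { $section = 'RecoveryAgent' }
    elseif ($line -match 'thumbprint:\s*([0-9A-Fa-f ]+)') {
        [pscustomobject]@{
            Role       = $section
            Thumbprint = ($Matches[1] -replace '\s', '').ToUpper()
        }
    }
}
if (-not $onFile) { throw "No EFS thumbprints reported for $Path (is it encrypted?)" }

# 2. Certificates in this account's Personal store that still have a private key.
$usable = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object HasPrivateKey |
    Select-Object -ExpandProperty Thumbprint

# 3. The file can be decrypted from this account only if at least one thumbprint
#    on the file has its private key here. As the thread notes, a recovery agent
#    installed later only covers files EFS-touched afterwards, so its thumbprint
#    will not be listed on older files.
$report = foreach ($entry in $onFile) {
    [pscustomobject]@{
        Role           = $entry.Role
        Thumbprint     = $entry.Thumbprint
        PrivateKeyHere = $usable -contains $entry.Thumbprint
    }
}
$report | Format-Table -AutoSize

if (-not ($report | Where-Object PrivateKeyHere)) {
    Write-Warning 'No matching private key in this account: import the original user or DRA .pfx.'
}
```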
