Sign in with
Sign up | Sign in
Your question

EFS Issue

Last response: in Windows XP
Share
Anonymous
April 27, 2005 10:34:16 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Recently I used RIS (Remote Installation Service) to reinstall a
clients workstation because it had been upgraded and had different
versions of Office installed and just generally had issues, but what I
didn’t know is that the user had Encrypted files on another drive (USB
External Hard Drive) so after I reinstalled the OS the Computer
account is not the same as before and he can no longer access the
files that were on the other drive. I have tried several of the free
downloadable recovery packages Advanced EFS recovery and others but
have had no luck, the recovery agent displays that no user is able to
decrypt the files and the user account has not changed because the
user is in a domain. I have tried logging in as local admin, domain
admin, but still no luck. anyone know of anything I can do. and no
the user didn’t export the keys.

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Security-Admin-EFS-Issue-f...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1177687

More about : efs issue

Anonymous
April 28, 2005 2:54:56 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Was there a Designated Recovery Agent on the domain?
If not, the data is most likely gone for good.

See the bottom of this page for ways to help prevent data loss with EFS in
the future:
http://www3.telus.net/dandemar/encrypt.htm

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
In memory of our dear friend, MVP Alex Nichol
http://www.dts-l.org


"Mouse4440" <UseLinkToEmail@WindowsForumz.com> wrote in message
news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
> Recently I used RIS (Remote Installation Service) to reinstall a
> clients workstation because it had been upgraded and had different
> versions of Office installed and just generally had issues, but what I
> didn't know is that the user had Encrypted files on another drive (USB
> External Hard Drive) so after I reinstalled the OS the Computer
> account is not the same as before and he can no longer access the
> files that were on the other drive. I have tried several of the free
> downloadable recovery packages Advanced EFS recovery and others but
> have had no luck, the recovery agent displays that no user is able to
> decrypt the files and the user account has not changed because the
> user is in a domain. I have tried logging in as local admin, domain
> admin, but still no luck. anyone know of anything I can do. and no
> the user didn't export the keys.
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
> request
> Articles individually checked for conformance to usenet standards
> Topic URL:
> http://www.windowsforumz.com/Security-Admin-EFS-Issue-f...
> Visit Topic URL to contact author (reg. req'd). Report abuse:
> http://www.windowsforumz.com/eform.php?p=1177687
Anonymous
April 29, 2005 1:34:10 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Jupiter Jones MVP" wrote:
> Was there a Designated Recovery Agent on the domain?
> If not, the data is most likely gone for good.
>
> See the bottom of this page for ways to help prevent data loss
> with EFS in
> the future:
> http://www3.telus.net/dandemar/encrypt.htm
>
> --
> Jupiter Jones [MVP]
> http://www3.telus.net/dandemar
> In memory of our dear friend, MVP Alex Nichol
> http://www.dts-l.org
>
>
> "Mouse4440" <UseLinkToEmail@WindowsForumz.com> wrote in
> message
> news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
> > Recently I used RIS (Remote Installation Service) to
> reinstall a
> > clients workstation because it had been upgraded and had
> different
> > versions of Office installed and just generally had issues,
> but what I
> > didn't know is that the user had Encrypted files on another
> drive (USB
> > External Hard Drive) so after I reinstalled the OS the
> Computer
> > account is not the same as before and he can no longer
> access the
> > files that were on the other drive. I have tried several of
> the free
> > downloadable recovery packages Advanced EFS recovery and
> others but
> > have had no luck, the recovery agent displays that no user
> is able to
> > decrypt the files and the user account has not changed
> because the
> > user is in a domain. I have tried logging in as local admin,
> domain
> > admin, but still no luck. anyone know of anything I can do.
> and no
> > the user didn't export the keys.
> >
> > --
> > Posted using the http://www.windowsforumz.com interface, at author's
> > request
> > Articles individually checked for conformance to usenet
> standards
> > Topic URL:
> > http://www.windowsforumz.com/Security-Admin-EFS-Issue-f...
> > Visit Topic URL to contact author (reg. req'd). Report
> abuse:
> > http://www.windowsforumz.com/eform.php?p=1177687

I’m not sure, I logged in as admin on the local machine and as the
domain admin and the windows recovery thing display no recovery agent
present. is this something that user had to setup or is an automatic
thing?

Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com
Related resources
Anonymous
April 29, 2005 1:34:11 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Mouse4440" <DoNotEmail@WindowsForumz.com> wrote in message
news:3_1183971_590abcb1375a568d59e74bf288c16868@windowsforumz.com...
> "Jupiter Jones MVP" wrote:
> > Was there a Designated Recovery Agent on the domain?
> > If not, the data is most likely gone for good.
> >
> > See the bottom of this page for ways to help prevent data loss
> > with EFS in
> > the future:
> > http://www3.telus.net/dandemar/encrypt.htm
> >
> > --
> > Jupiter Jones [MVP]
> > http://www3.telus.net/dandemar
> > In memory of our dear friend, MVP Alex Nichol
> > http://www.dts-l.org
> >
> >
> > "Mouse4440" <UseLinkToEmail@WindowsForumz.com> wrote in
> > message
> > news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
> > > Recently I used RIS (Remote Installation Service) to
> > reinstall a
> > > clients workstation because it had been upgraded and had
> > different
> > > versions of Office installed and just generally had issues,
> > but what I
> > > didn't know is that the user had Encrypted files on another
> > drive (USB
> > > External Hard Drive) so after I reinstalled the OS the
> > Computer
> > > account is not the same as before and he can no longer
> > access the
> > > files that were on the other drive. I have tried several of
> > the free
> > > downloadable recovery packages Advanced EFS recovery and
> > others but
> > > have had no luck, the recovery agent displays that no user
> > is able to
> > > decrypt the files and the user account has not changed
> > because the
> > > user is in a domain. I have tried logging in as local admin,
> > domain
> > > admin, but still no luck. anyone know of anything I can do.
> > and no
> > > the user didn't export the keys.
> > >
> > > --
> > > Posted using the http://www.windowsforumz.com interface, at author's
> > > request
> > > Articles individually checked for conformance to usenet
> > standards
> > > Topic URL:
> > > http://www.windowsforumz.com/Security-Admin-EFS-Issue-f...
> > > Visit Topic URL to contact author (reg. req'd). Report
> > abuse:
> > > http://www.windowsforumz.com/eform.php?p=1177687
>
> I’m not sure, I logged in as admin on the local machine and as the
> domain admin and the windows recovery thing display no recovery agent
> present. is this something that user had to setup or is an automatic
> thing?
>

With XP you have to setup the recovery agent. Win2k worked differently. If
he was logged on locally when he encrypted the files you are probably out of
luck. If he was logged on as a domain user you will have to figure out if
there is a recovery agent and who it is. Export the recovery key and import
it on the machine with the files on it. You may also have to take ownership
of the files on the USB drive first.

http://support.microsoft.com/default.aspx?scid=kb;en-us;887414

http://www.microsoft.com/resources/documentation/Window...

Kerry
Anonymous
April 29, 2005 3:24:52 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"kerry15" wrote:
> "Mouse4440" <DoNotEmail@WindowsForumz.com> wrote in message
> news:3_1183971_590abcb1375a568d59e74bf288c16868@windowsforumz.com...
> > "Jupiter Jones MVP" wrote:
>  > > Was there a Designated Recovery Agent on the domain?
>  > > If not, the data is most likely gone for good.
>  > >
>  > > See the bottom of this page for ways to help prevent
> data loss
>  > > with EFS in
>  > > the future:
>  > > http://www3.telus.net/dandemar/encrypt.htm
>  > >
>  > > --
>  > > Jupiter Jones [MVP]
>  > > http://www3.telus.net/dandemar
>  > > In memory of our dear friend, MVP Alex Nichol
>  > > http://www.dts-l.org
>  > >
>  > >
>  > > "Mouse4440" <UseLinkToEmail@WindowsForumz.com>
> wrote in
>  > > message
>  > >
> news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
>   > > > Recently I used RIS (Remote Installation
> Service) to
>  > > reinstall a
>   > > > clients workstation because it had been
> upgraded and had
>  > > different
>   > > > versions of Office installed and just
> generally had issues,
>  > > but what I
>   > > > didn't know is that the user had Encrypted
> files on another
>  > > drive (USB
>   > > > External Hard Drive) so after I reinstalled
> the OS the
>  > > Computer
>   > > > account is not the same as before and he can
> no longer
>  > > access the
>   > > > files that were on the other drive. I have
> tried several of
>  > > the free
>   > > > downloadable recovery packages Advanced EFS
> recovery and
>  > > others but
>   > > > have had no luck, the recovery agent
> displays that no user
>  > > is able to
>   > > > decrypt the files and the user account has
> not changed
>  > > because the
>   > > > user is in a domain. I have tried logging in
> as local admin,
>  > > domain
>   > > > admin, but still no luck. anyone know of
> anything I can do.
>  > > and no
>   > > > the user didn't export the keys.
>   > > >
>   > > > --
>   > > > Posted using the
> http://www.windowsforumz.com interface, at author's
>   > > > request
>   > > > Articles individually checked for
> conformance to usenet
>  > > standards
>   > > > Topic URL:
>   > > >
> http://www.windowsforumz.com/Security-Admin-EFS-Issue-f...
>   > > > Visit Topic URL to contact author (reg.
> req'd). Report
>  > > abuse:
>   > > >
> http://www.windowsforumz.com/eform.php?p=1177687
> >
> > I’m not sure, I logged in as admin on the local machine and
> as the
> > domain admin and the windows recovery thing display no
> recovery agent
> > present. is this something that user had to setup or is an
> automatic
> > thing?
> >
>
> With XP you have to setup the recovery agent. Win2k worked
> differently. If
> he was logged on locally when he encrypted the files you are
> probably out of
> luck. If he was logged on as a domain user you will have to
> figure out if
> there is a recovery agent and who it is. Export the recovery
> key and import
> it on the machine with the files on it. You may also have to
> take ownership
> of the files on the USB drive first.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;887414
>
> http://www.microsoft.com/resources/documentation/Window...
>
> Kerry

He was a domain user but the key was on the system partition and the
data is on another drive, the system partition that had the keys was
deleted with the install of Win XP. I logged in as the user and the
recovery agent displays no recovery agent present, likewise for the
local admin and domain admin. I have not taken ownership though.
would I need to do that for the recovery agent.
Anonymous
April 29, 2005 3:24:53 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Mouse4440" <DoNotEmail@WindowsForumz.com> wrote in message
news:3_1184166_682e46f0d60f56f2114f32822a76208d@windowsforumz.com...
> "kerry15" wrote:
> > "Mouse4440" <DoNotEmail@WindowsForumz.com> wrote in message
> > news:3_1183971_590abcb1375a568d59e74bf288c16868@windowsforumz.com...
> > > "Jupiter Jones MVP" wrote:
> >  > > Was there a Designated Recovery Agent on the domain?
> >  > > If not, the data is most likely gone for good.
> >  > >
> >  > > See the bottom of this page for ways to help prevent
> > data loss
> >  > > with EFS in
> >  > > the future:
> >  > > http://www3.telus.net/dandemar/encrypt.htm
> >  > >
> >  > > --
> >  > > Jupiter Jones [MVP]
> >  > > http://www3.telus.net/dandemar
> >  > > In memory of our dear friend, MVP Alex Nichol
> >  > > http://www.dts-l.org
> >  > >
> >  > >
> >  > > "Mouse4440" <UseLinkToEmail@WindowsForumz.com>
> > wrote in
> >  > > message
> >  > >
> > news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
> >   > > > Recently I used RIS (Remote Installation
> > Service) to
> >  > > reinstall a
> >   > > > clients workstation because it had been
> > upgraded and had
> >  > > different
> >   > > > versions of Office installed and just
> > generally had issues,
> >  > > but what I
> >   > > > didn't know is that the user had Encrypted
> > files on another
> >  > > drive (USB
> >   > > > External Hard Drive) so after I reinstalled
> > the OS the
> >  > > Computer
> >   > > > account is not the same as before and he can
> > no longer
> >  > > access the
> >   > > > files that were on the other drive. I have
> > tried several of
> >  > > the free
> >   > > > downloadable recovery packages Advanced EFS
> > recovery and
> >  > > others but
> >   > > > have had no luck, the recovery agent
> > displays that no user
> >  > > is able to
> >   > > > decrypt the files and the user account has
> > not changed
> >  > > because the
> >   > > > user is in a domain. I have tried logging in
> > as local admin,
> >  > > domain
> >   > > > admin, but still no luck. anyone know of
> > anything I can do.
> >  > > and no
> >   > > > the user didn't export the keys.
> >   > > >
> >   > > > --
> >   > > > Posted using the
> > http://www.windowsforumz.com interface, at author's
> >   > > > request
> >   > > > Articles individually checked for
> > conformance to usenet
> >  > > standards
> >   > > > Topic URL:
> >   > > >
> > http://www.windowsforumz.com/Security-Admin-EFS-Issue-f...
> >   > > > Visit Topic URL to contact author (reg.
> > req'd). Report
> >  > > abuse:
> >   > > >
> > http://www.windowsforumz.com/eform.php?p=1177687
> > >
> > > I’m not sure, I logged in as admin on the local machine and
> > as the
> > > domain admin and the windows recovery thing display no
> > recovery agent
> > > present. is this something that user had to setup or is an
> > automatic
> > > thing?
> > >
> >
> > With XP you have to setup the recovery agent. Win2k worked
> > differently. If
> > he was logged on locally when he encrypted the files you are
> > probably out of
> > luck. If he was logged on as a domain user you will have to
> > figure out if
> > there is a recovery agent and who it is. Export the recovery
> > key and import
> > it on the machine with the files on it. You may also have to
> > take ownership
> > of the files on the USB drive first.
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;887414
> >
> > http://www.microsoft.com/resources/documentation/Window...
> >
> > Kerry
>
> He was a domain user but the key was on the system partition and the
> data is on another drive, the system partition that had the keys was
> deleted with the install of Win XP. I logged in as the user and the
> recovery agent displays no recovery agent present, likewise for the
> local admin and domain admin. I have not taken ownership though.
> would I need to do that for the recovery agent.

You have to figure out who the DRA is (see my previous links), export their
private certificate and key, then import the certificate and key on the
computer that you are using to decrypt the files. It is common practice to
only use certain secure computers for EFS recovery so that the key cannot be
taken away and data unencrypted off site. If this is the case you would have
to have the files on the recovery computer. You may or may not have to take
ownership first but it wouldn't hurt to do so. EFS can be very tricky. From
what you have described his data is probably gone. You should investigate
the links in my last post and either restrict users from using EFS via group
policy or setup a DRA and store the certificate and key in a safe place. If
you don't this may cause you grief again in the future.

Kerry
!