Sign in with
Sign up | Sign in
Your question

Unable to open secured folder

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
December 7, 2004 3:31:01 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hello
Recently my windows 2000 pro operating system crashed.
I had made a power user in my own name and using NTFS file system I had
given security to one folder. I had denied access for everyone to this
folder. I had kept my excel files in this folder in which all my bank
transactions were kept.
I was not able to repair the crashed operating system. Thereafter I
configured windows 2000 server on my PC and moved my secured data to
different partition. After this I again loaded the windows 2000 pro operating
system without formatting any of the drives.
Now I am not able to open my secured files.
This is how one can try the experiment.
1. I logged off ‘Administrator’ and changed to power user ‘self’ having log
in password.
2. I made a folder ‘SelfData’ and kept some Excel , Word and wordpad files.
3. I right clicked the folder and went to properties.
4. Under ‘security’ tab I unchecked the check box ‘Allow inheritable
permissions from parent to propagate to this object.’
5. With this a security dialog flashed asking’ you are preventing any
inheritable permissions from propagating to this object. What do you want to
do?’ I pressed ‘Remove’ button.
6. At this time under the ‘security’ tab no owner was shown. I clicked
‘Advanced’ button.
7. Now a Dialog box ‘Access control settings for Network’ appeared. In this
under ‘Permissions’ tab I clicked ‘Add’ and added power user ‘self’.
8. With this a new dialog box appered ‘Permission Entry for Network’. Under
‘allow’ I checked all check boxes and then clicked OK.
9. Then ‘Apply’ and ‘OK’ buttons under ‘ Access Control Settings for
Network..’
10. Then I logged off ‘self’ and changed to ‘Administrator’.
11. I couldn’t get direct access to the folder. So under properties I took
the ownership of that folder.
12. I could now see the files in that folder.
13. Now when I tried to open that particular file say Excel file I got the
message ‘ Excel can not access particular file. The document may be read only
or encrypted.’

I MADE A FOLDER “SelfData2’ UNDER ADMINISTRATOR AND LOGGED OFF AND CHANGED
TO USER ‘self’. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE ABOVE
PROCEDURE. THIS TIME I COULD OPEN THE FILES.

This appears to be very good security feature. But how to decrypt the files.
I have tried with mmc and consoles and tried to import encryption and
recovery certificates. But this didn’t work.

In market there are plethora of third party licensed software for folder
security. Why so much complications in Microsoft for a user.
Anonymous
a b 8 Security
December 7, 2004 9:48:07 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Are the files encrypted with EFS? Check the folder properties/advanced to
see if the encryption attribute is selected. If it is you may never be able
to access those files unless you had previously exported the user or
Recovery Agent certificate AND private key to a .pfx file that could
possibly be imported to the computer/user to decrypt the files. It is not
good enough to import the certificate [public key alone] via a .cer file. If
you have a backup of the user's profile from a time after the files were
encrypted and know that users' password you might be able to recover any EFS
encrypted files for that user with the help of Microsoft support or a not
free third part tool. Such is the nature of file encryption as the
certificate/private keys used to access the files are unique or else the
encryption would be useless. The efsinfo tool can be used to see what
users/certificates are associated with an EFS encrypted file. --- Steve



"hdhuri40" <hdhuri40@discussions.microsoft.com> wrote in message
news:42856A84-3BD9-49DA-8F52-7C795938BAD8@microsoft.com...
> Hello
> Recently my windows 2000 pro operating system crashed.
> I had made a power user in my own name and using NTFS file system I had
> given security to one folder. I had denied access for everyone to this
> folder. I had kept my excel files in this folder in which all my bank
> transactions were kept.
> I was not able to repair the crashed operating system. Thereafter I
> configured windows 2000 server on my PC and moved my secured data to
> different partition. After this I again loaded the windows 2000 pro
> operating
> system without formatting any of the drives.
> Now I am not able to open my secured files.
> This is how one can try the experiment.
> 1. I logged off 'Administrator' and changed to power user 'self' having
> log
> in password.
> 2. I made a folder 'SelfData' and kept some Excel , Word and wordpad
> files.
> 3. I right clicked the folder and went to properties.
> 4. Under 'security' tab I unchecked the check box 'Allow inheritable
> permissions from parent to propagate to this object.'
> 5. With this a security dialog flashed asking' you are preventing any
> inheritable permissions from propagating to this object. What do you want
> to
> do?' I pressed 'Remove' button.
> 6. At this time under the 'security' tab no owner was shown. I clicked
> 'Advanced' button.
> 7. Now a Dialog box 'Access control settings for Network' appeared. In
> this
> under 'Permissions' tab I clicked 'Add' and added power user 'self'.
> 8. With this a new dialog box appered 'Permission Entry for Network'.
> Under
> 'allow' I checked all check boxes and then clicked OK.
> 9. Then 'Apply' and 'OK' buttons under ' Access Control Settings for
> Network..'
> 10. Then I logged off 'self' and changed to 'Administrator'.
> 11. I couldn't get direct access to the folder. So under properties I took
> the ownership of that folder.
> 12. I could now see the files in that folder.
> 13. Now when I tried to open that particular file say Excel file I got the
> message ' Excel can not access particular file. The document may be read
> only
> or encrypted.'
>
> I MADE A FOLDER "SelfData2' UNDER ADMINISTRATOR AND LOGGED OFF AND CHANGED
> TO USER 'self'. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE ABOVE
> PROCEDURE. THIS TIME I COULD OPEN THE FILES.
>
> This appears to be very good security feature. But how to decrypt the
> files.
> I have tried with mmc and consoles and tried to import encryption and
> recovery certificates. But this didn't work.
>
> In market there are plethora of third party licensed software for folder
> security. Why so much complications in Microsoft for a user.
>
>
>
>
>
Anonymous
a b 8 Security
December 7, 2004 11:35:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I tried with efsinfo from Microsoft TechNet Article ID 243026
‘Using Efsinfo.exe to determine information about encrypted files’. But this
Efsinfo.exe file is not available on my standalone PC. It is clearly written
in this article that ‘Stand-alone Windows 2000 workstations and servers do
not display the recovery agent information. The default recovery agent for
all stand-alone computers is the local Administrator account.’

I couldn’t solve this problem using google help.

No files in this folder are encrypted or read only. Only the folder is
secured. This is applicable to all types of files not just MSoffice files. In
the above trial if we move some files in user mode who has secured the
folder, other users even administrator can’t see the contents of these files.
This appears to be a good feature of folder protection. But how to make use
of this?

Dhuri


"Steven L Umbach" wrote:

> Are the files encrypted with EFS? Check the folder properties/advanced to
> see if the encryption attribute is selected. If it is you may never be able
> to access those files unless you had previously exported the user or
> Recovery Agent certificate AND private key to a .pfx file that could
> possibly be imported to the computer/user to decrypt the files. It is not
> good enough to import the certificate [public key alone] via a .cer file. If
> you have a backup of the user's profile from a time after the files were
> encrypted and know that users' password you might be able to recover any EFS
> encrypted files for that user with the help of Microsoft support or a not
> free third part tool. Such is the nature of file encryption as the
> certificate/private keys used to access the files are unique or else the
> encryption would be useless. The efsinfo tool can be used to see what
> users/certificates are associated with an EFS encrypted file. --- Steve
>
>
>
> "hdhuri40" <hdhuri40@discussions.microsoft.com> wrote in message
> news:42856A84-3BD9-49DA-8F52-7C795938BAD8@microsoft.com...
> > Hello
> > Recently my windows 2000 pro operating system crashed.
> > I had made a power user in my own name and using NTFS file system I had
> > given security to one folder. I had denied access for everyone to this
> > folder. I had kept my excel files in this folder in which all my bank
> > transactions were kept.
> > I was not able to repair the crashed operating system. Thereafter I
> > configured windows 2000 server on my PC and moved my secured data to
> > different partition. After this I again loaded the windows 2000 pro
> > operating
> > system without formatting any of the drives.
> > Now I am not able to open my secured files.
> > This is how one can try the experiment.
> > 1. I logged off 'Administrator' and changed to power user 'self' having
> > log
> > in password.
> > 2. I made a folder 'SelfData' and kept some Excel , Word and wordpad
> > files.
> > 3. I right clicked the folder and went to properties.
> > 4. Under 'security' tab I unchecked the check box 'Allow inheritable
> > permissions from parent to propagate to this object.'
> > 5. With this a security dialog flashed asking' you are preventing any
> > inheritable permissions from propagating to this object. What do you want
> > to
> > do?' I pressed 'Remove' button.
> > 6. At this time under the 'security' tab no owner was shown. I clicked
> > 'Advanced' button.
> > 7. Now a Dialog box 'Access control settings for Network' appeared. In
> > this
> > under 'Permissions' tab I clicked 'Add' and added power user 'self'.
> > 8. With this a new dialog box appered 'Permission Entry for Network'.
> > Under
> > 'allow' I checked all check boxes and then clicked OK.
> > 9. Then 'Apply' and 'OK' buttons under ' Access Control Settings for
> > Network..'
> > 10. Then I logged off 'self' and changed to 'Administrator'.
> > 11. I couldn't get direct access to the folder. So under properties I took
> > the ownership of that folder.
> > 12. I could now see the files in that folder.
> > 13. Now when I tried to open that particular file say Excel file I got the
> > message ' Excel can not access particular file. The document may be read
> > only
> > or encrypted.'
> >
> > I MADE A FOLDER "SelfData2' UNDER ADMINISTRATOR AND LOGGED OFF AND CHANGED
> > TO USER 'self'. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE ABOVE
> > PROCEDURE. THIS TIME I COULD OPEN THE FILES.
> >
> > This appears to be very good security feature. But how to decrypt the
> > files.
> > I have tried with mmc and consoles and tried to import encryption and
> > recovery certificates. But this didn't work.
> >
> > In market there are plethora of third party licensed software for folder
> > security. Why so much complications in Microsoft for a user.
> >
> >
> >
> >
> >
>
>
>
Related resources
Anonymous
a b 8 Security
December 8, 2004 8:34:40 AM

Archived from groups: microsoft.public.win2000.security (More info?)

You can download efsinfo to use on any Windows 2000 computer but it will
only show information for encrypted files. You can also use the built in
cipher command to see if any files are encrypted with EFS. I believe you
already said that you changed ownership on the files to administrators. If
the files are not encrypted with EFS, double check that administrators are
indeed owner of the locked out files. Being the owner of a folder/file alone
does not give an administrator access but it does allow the administrator to
change permissions and add administrators group to the access list of the
folder/file with full control and then he should be able to gain access. As
far as being read only, that may not mean file permissions but file
attribute. Open the file properties and if read only is selected, uncheck it
to see what happens. If that does not work I would suspect a third party
encryption program being used or possibly the files are protected via
Digital Rights Management which is not that common and would require a more
complex network configuration including a Certificate Authority which would
most likely not be found on a home users network. Also be sure to run Check
Disk on your computer in case there is file corruption. --- Steve

'

"Dhuri" <Dhuri@discussions.microsoft.com> wrote in message
news:91198D2A-2F7B-44AA-A535-BCD4792BE3AF@microsoft.com...
> I tried with efsinfo from Microsoft TechNet Article ID 243026
> 'Using Efsinfo.exe to determine information about encrypted files'. But
> this
> Efsinfo.exe file is not available on my standalone PC. It is clearly
> written
> in this article that 'Stand-alone Windows 2000 workstations and servers do
> not display the recovery agent information. The default recovery agent for
> all stand-alone computers is the local Administrator account.'
>
> I couldn't solve this problem using google help.
>
> No files in this folder are encrypted or read only. Only the folder is
> secured. This is applicable to all types of files not just MSoffice files.
> In
> the above trial if we move some files in user mode who has secured the
> folder, other users even administrator can't see the contents of these
> files.
> This appears to be a good feature of folder protection. But how to make
> use
> of this?
>
> Dhuri
>
>
> "Steven L Umbach" wrote:
>
>> Are the files encrypted with EFS? Check the folder properties/advanced to
>> see if the encryption attribute is selected. If it is you may never be
>> able
>> to access those files unless you had previously exported the user or
>> Recovery Agent certificate AND private key to a .pfx file that could
>> possibly be imported to the computer/user to decrypt the files. It is not
>> good enough to import the certificate [public key alone] via a .cer file.
>> If
>> you have a backup of the user's profile from a time after the files were
>> encrypted and know that users' password you might be able to recover any
>> EFS
>> encrypted files for that user with the help of Microsoft support or a not
>> free third part tool. Such is the nature of file encryption as the
>> certificate/private keys used to access the files are unique or else the
>> encryption would be useless. The efsinfo tool can be used to see what
>> users/certificates are associated with an EFS encrypted file. --- Steve
>>
>>
>>
>> "hdhuri40" <hdhuri40@discussions.microsoft.com> wrote in message
>> news:42856A84-3BD9-49DA-8F52-7C795938BAD8@microsoft.com...
>> > Hello
>> > Recently my windows 2000 pro operating system crashed.
>> > I had made a power user in my own name and using NTFS file system I had
>> > given security to one folder. I had denied access for everyone to this
>> > folder. I had kept my excel files in this folder in which all my bank
>> > transactions were kept.
>> > I was not able to repair the crashed operating system. Thereafter I
>> > configured windows 2000 server on my PC and moved my secured data to
>> > different partition. After this I again loaded the windows 2000 pro
>> > operating
>> > system without formatting any of the drives.
>> > Now I am not able to open my secured files.
>> > This is how one can try the experiment.
>> > 1. I logged off 'Administrator' and changed to power user 'self' having
>> > log
>> > in password.
>> > 2. I made a folder 'SelfData' and kept some Excel , Word and wordpad
>> > files.
>> > 3. I right clicked the folder and went to properties.
>> > 4. Under 'security' tab I unchecked the check box 'Allow inheritable
>> > permissions from parent to propagate to this object.'
>> > 5. With this a security dialog flashed asking' you are preventing any
>> > inheritable permissions from propagating to this object. What do you
>> > want
>> > to
>> > do?' I pressed 'Remove' button.
>> > 6. At this time under the 'security' tab no owner was shown. I clicked
>> > 'Advanced' button.
>> > 7. Now a Dialog box 'Access control settings for Network' appeared. In
>> > this
>> > under 'Permissions' tab I clicked 'Add' and added power user 'self'.
>> > 8. With this a new dialog box appered 'Permission Entry for Network'.
>> > Under
>> > 'allow' I checked all check boxes and then clicked OK.
>> > 9. Then 'Apply' and 'OK' buttons under ' Access Control Settings for
>> > Network..'
>> > 10. Then I logged off 'self' and changed to 'Administrator'.
>> > 11. I couldn't get direct access to the folder. So under properties I
>> > took
>> > the ownership of that folder.
>> > 12. I could now see the files in that folder.
>> > 13. Now when I tried to open that particular file say Excel file I got
>> > the
>> > message ' Excel can not access particular file. The document may be
>> > read
>> > only
>> > or encrypted.'
>> >
>> > I MADE A FOLDER "SelfData2' UNDER ADMINISTRATOR AND LOGGED OFF AND
>> > CHANGED
>> > TO USER 'self'. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE
>> > ABOVE
>> > PROCEDURE. THIS TIME I COULD OPEN THE FILES.
>> >
>> > This appears to be very good security feature. But how to decrypt the
>> > files.
>> > I have tried with mmc and consoles and tried to import encryption and
>> > recovery certificates. But this didn't work.
>> >
>> > In market there are plethora of third party licensed software for
>> > folder
>> > security. Why so much complications in Microsoft for a user.
>> >
>> >
>> >
>> >
>> >
>>
>>
>>
Anonymous
a b 8 Security
December 9, 2004 11:17:25 PM

Archived from groups: microsoft.public.win2000.security (More info?)

As an administrator I can take the ownership of the folder. But while copying
the files from this folder to other computers or even floppy I get the
message ‘ Cannot copy. Access denied. The source file may be in use.’
I downloaded and executed the efsinfo.exe file from site
http://www.microsoft.com/windows2000/techinfo/reskit/to...
But I could not execute it as I got the message at command prompt and this
is not recognized as an internal or external command.
With built in cipher command my encrypted folder was not detected.
Please note that none of the file attributes in this folder are read only.
Also these files are not corrupt.


"Steven L Umbach" wrote:

> You can download efsinfo to use on any Windows 2000 computer but it will
> only show information for encrypted files. You can also use the built in
> cipher command to see if any files are encrypted with EFS. I believe you
> already said that you changed ownership on the files to administrators. If
> the files are not encrypted with EFS, double check that administrators are
> indeed owner of the locked out files. Being the owner of a folder/file alone
> does not give an administrator access but it does allow the administrator to
> change permissions and add administrators group to the access list of the
> folder/file with full control and then he should be able to gain access. As
> far as being read only, that may not mean file permissions but file
> attribute. Open the file properties and if read only is selected, uncheck it
> to see what happens. If that does not work I would suspect a third party
> encryption program being used or possibly the files are protected via
> Digital Rights Management which is not that common and would require a more
> complex network configuration including a Certificate Authority which would
> most likely not be found on a home users network. Also be sure to run Check
> Disk on your computer in case there is file corruption. --- Steve
>
> '
>
> "Dhuri" <Dhuri@discussions.microsoft.com> wrote in message
> news:91198D2A-2F7B-44AA-A535-BCD4792BE3AF@microsoft.com...
> > I tried with efsinfo from Microsoft TechNet Article ID 243026
> > 'Using Efsinfo.exe to determine information about encrypted files'. But
> > this
> > Efsinfo.exe file is not available on my standalone PC. It is clearly
> > written
> > in this article that 'Stand-alone Windows 2000 workstations and servers do
> > not display the recovery agent information. The default recovery agent for
> > all stand-alone computers is the local Administrator account.'
> >
> > I couldn't solve this problem using google help.
> >
> > No files in this folder are encrypted or read only. Only the folder is
> > secured. This is applicable to all types of files not just MSoffice files.
> > In
> > the above trial if we move some files in user mode who has secured the
> > folder, other users even administrator can't see the contents of these
> > files.
> > This appears to be a good feature of folder protection. But how to make
> > use
> > of this?
> >
> > Dhuri
> >
> >
> > "Steven L Umbach" wrote:
> >
> >> Are the files encrypted with EFS? Check the folder properties/advanced to
> >> see if the encryption attribute is selected. If it is you may never be
> >> able
> >> to access those files unless you had previously exported the user or
> >> Recovery Agent certificate AND private key to a .pfx file that could
> >> possibly be imported to the computer/user to decrypt the files. It is not
> >> good enough to import the certificate [public key alone] via a .cer file.
> >> If
> >> you have a backup of the user's profile from a time after the files were
> >> encrypted and know that users' password you might be able to recover any
> >> EFS
> >> encrypted files for that user with the help of Microsoft support or a not
> >> free third part tool. Such is the nature of file encryption as the
> >> certificate/private keys used to access the files are unique or else the
> >> encryption would be useless. The efsinfo tool can be used to see what
> >> users/certificates are associated with an EFS encrypted file. --- Steve
> >>
> >>
> >>
> >> "hdhuri40" <hdhuri40@discussions.microsoft.com> wrote in message
> >> news:42856A84-3BD9-49DA-8F52-7C795938BAD8@microsoft.com...
> >> > Hello
> >> > Recently my windows 2000 pro operating system crashed.
> >> > I had made a power user in my own name and using NTFS file system I had
> >> > given security to one folder. I had denied access for everyone to this
> >> > folder. I had kept my excel files in this folder in which all my bank
> >> > transactions were kept.
> >> > I was not able to repair the crashed operating system. Thereafter I
> >> > configured windows 2000 server on my PC and moved my secured data to
> >> > different partition. After this I again loaded the windows 2000 pro
> >> > operating
> >> > system without formatting any of the drives.
> >> > Now I am not able to open my secured files.
> >> > This is how one can try the experiment.
> >> > 1. I logged off 'Administrator' and changed to power user 'self' having
> >> > log
> >> > in password.
> >> > 2. I made a folder 'SelfData' and kept some Excel , Word and wordpad
> >> > files.
> >> > 3. I right clicked the folder and went to properties.
> >> > 4. Under 'security' tab I unchecked the check box 'Allow inheritable
> >> > permissions from parent to propagate to this object.'
> >> > 5. With this a security dialog flashed asking' you are preventing any
> >> > inheritable permissions from propagating to this object. What do you
> >> > want
> >> > to
> >> > do?' I pressed 'Remove' button.
> >> > 6. At this time under the 'security' tab no owner was shown. I clicked
> >> > 'Advanced' button.
> >> > 7. Now a Dialog box 'Access control settings for Network' appeared. In
> >> > this
> >> > under 'Permissions' tab I clicked 'Add' and added power user 'self'.
> >> > 8. With this a new dialog box appered 'Permission Entry for Network'.
> >> > Under
> >> > 'allow' I checked all check boxes and then clicked OK.
> >> > 9. Then 'Apply' and 'OK' buttons under ' Access Control Settings for
> >> > Network..'
> >> > 10. Then I logged off 'self' and changed to 'Administrator'.
> >> > 11. I couldn't get direct access to the folder. So under properties I
> >> > took
> >> > the ownership of that folder.
> >> > 12. I could now see the files in that folder.
> >> > 13. Now when I tried to open that particular file say Excel file I got
> >> > the
> >> > message ' Excel can not access particular file. The document may be
> >> > read
> >> > only
> >> > or encrypted.'
> >> >
> >> > I MADE A FOLDER "SelfData2' UNDER ADMINISTRATOR AND LOGGED OFF AND
> >> > CHANGED
> >> > TO USER 'self'. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE
> >> > ABOVE
> >> > PROCEDURE. THIS TIME I COULD OPEN THE FILES.
> >> >
> >> > This appears to be very good security feature. But how to decrypt the
> >> > files.
> >> > I have tried with mmc and consoles and tried to import encryption and
> >> > recovery certificates. But this didn't work.
> >> >
> >> > In market there are plethora of third party licensed software for
> >> > folder
> >> > security. Why so much complications in Microsoft for a user.
> >> >
> >> >
> >> >
> >> >
> >> >
> >>
> >>
> >>
>
>
>
Anonymous
a b 8 Security
December 11, 2004 1:27:45 AM

Archived from groups: microsoft.public.win2000.security (More info?)

If cipher did not report any folder/files as E then EFS encryption is not
being used. Efsinfo should have worked, maybe you need to specify the full
path to it from the error message you got. Try to copy the file from safe
mode to see if that helps. If that all fails I would tend to believe a third
party encryption program is being used. --- Steve


"Dhuri" <Dhuri@discussions.microsoft.com> wrote in message
news:39E77086-7C6F-47D6-BD18-8B664DF8369B@microsoft.com...
> As an administrator I can take the ownership of the folder. But while
> copying
> the files from this folder to other computers or even floppy I get the
> message ' Cannot copy. Access denied. The source file may be in use.'
> I downloaded and executed the efsinfo.exe file from site
> http://www.microsoft.com/windows2000/techinfo/reskit/to...
> But I could not execute it as I got the message at command prompt and this
> is not recognized as an internal or external command.
> With built in cipher command my encrypted folder was not detected.
> Please note that none of the file attributes in this folder are read only.
> Also these files are not corrupt.
>
>
> "Steven L Umbach" wrote:
>
>> You can download efsinfo to use on any Windows 2000 computer but it will
>> only show information for encrypted files. You can also use the built in
>> cipher command to see if any files are encrypted with EFS. I believe you
>> already said that you changed ownership on the files to administrators.
>> If
>> the files are not encrypted with EFS, double check that administrators
>> are
>> indeed owner of the locked out files. Being the owner of a folder/file
>> alone
>> does not give an administrator access but it does allow the administrator
>> to
>> change permissions and add administrators group to the access list of the
>> folder/file with full control and then he should be able to gain access.
>> As
>> far as being read only, that may not mean file permissions but file
>> attribute. Open the file properties and if read only is selected, uncheck
>> it
>> to see what happens. If that does not work I would suspect a third party
>> encryption program being used or possibly the files are protected via
>> Digital Rights Management which is not that common and would require a
>> more
>> complex network configuration including a Certificate Authority which
>> would
>> most likely not be found on a home users network. Also be sure to run
>> Check
>> Disk on your computer in case there is file corruption. --- Steve
>>
>> '
>>
>> "Dhuri" <Dhuri@discussions.microsoft.com> wrote in message
>> news:91198D2A-2F7B-44AA-A535-BCD4792BE3AF@microsoft.com...
>> > I tried with efsinfo from Microsoft TechNet Article ID 243026
>> > 'Using Efsinfo.exe to determine information about encrypted files'. But
>> > this
>> > Efsinfo.exe file is not available on my standalone PC. It is clearly
>> > written
>> > in this article that 'Stand-alone Windows 2000 workstations and servers
>> > do
>> > not display the recovery agent information. The default recovery agent
>> > for
>> > all stand-alone computers is the local Administrator account.'
>> >
>> > I couldn't solve this problem using google help.
>> >
>> > No files in this folder are encrypted or read only. Only the folder is
>> > secured. This is applicable to all types of files not just MSoffice
>> > files.
>> > In
>> > the above trial if we move some files in user mode who has secured the
>> > folder, other users even administrator can't see the contents of these
>> > files.
>> > This appears to be a good feature of folder protection. But how to make
>> > use
>> > of this?
>> >
>> > Dhuri
>> >
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> Are the files encrypted with EFS? Check the folder properties/advanced
>> >> to
>> >> see if the encryption attribute is selected. If it is you may never be
>> >> able
>> >> to access those files unless you had previously exported the user or
>> >> Recovery Agent certificate AND private key to a .pfx file that could
>> >> possibly be imported to the computer/user to decrypt the files. It is
>> >> not
>> >> good enough to import the certificate [public key alone] via a .cer
>> >> file.
>> >> If
>> >> you have a backup of the user's profile from a time after the files
>> >> were
>> >> encrypted and know that users' password you might be able to recover
>> >> any
>> >> EFS
>> >> encrypted files for that user with the help of Microsoft support or a
>> >> not
>> >> free third part tool. Such is the nature of file encryption as the
>> >> certificate/private keys used to access the files are unique or else
>> >> the
>> >> encryption would be useless. The efsinfo tool can be used to see what
>> >> users/certificates are associated with an EFS encrypted file. ---
>> >> Steve
>> >>
>> >>
>> >>
>> >> "hdhuri40" <hdhuri40@discussions.microsoft.com> wrote in message
>> >> news:42856A84-3BD9-49DA-8F52-7C795938BAD8@microsoft.com...
>> >> > Hello
>> >> > Recently my windows 2000 pro operating system crashed.
>> >> > I had made a power user in my own name and using NTFS file system I
>> >> > had
>> >> > given security to one folder. I had denied access for everyone to
>> >> > this
>> >> > folder. I had kept my excel files in this folder in which all my
>> >> > bank
>> >> > transactions were kept.
>> >> > I was not able to repair the crashed operating system. Thereafter I
>> >> > configured windows 2000 server on my PC and moved my secured data to
>> >> > different partition. After this I again loaded the windows 2000 pro
>> >> > operating
>> >> > system without formatting any of the drives.
>> >> > Now I am not able to open my secured files.
>> >> > This is how one can try the experiment.
>> >> > 1. I logged off 'Administrator' and changed to power user 'self'
>> >> > having
>> >> > log
>> >> > in password.
>> >> > 2. I made a folder 'SelfData' and kept some Excel , Word and wordpad
>> >> > files.
>> >> > 3. I right clicked the folder and went to properties.
>> >> > 4. Under 'security' tab I unchecked the check box 'Allow inheritable
>> >> > permissions from parent to propagate to this object.'
>> >> > 5. With this a security dialog flashed asking' you are preventing
>> >> > any
>> >> > inheritable permissions from propagating to this object. What do
>> >> > you
>> >> > want
>> >> > to
>> >> > do?' I pressed 'Remove' button.
>> >> > 6. At this time under the 'security' tab no owner was shown. I
>> >> > clicked
>> >> > 'Advanced' button.
>> >> > 7. Now a Dialog box 'Access control settings for Network' appeared.
>> >> > In
>> >> > this
>> >> > under 'Permissions' tab I clicked 'Add' and added power user 'self'.
>> >> > 8. With this a new dialog box appered 'Permission Entry for
>> >> > Network'.
>> >> > Under
>> >> > 'allow' I checked all check boxes and then clicked OK.
>> >> > 9. Then 'Apply' and 'OK' buttons under ' Access Control Settings for
>> >> > Network..'
>> >> > 10. Then I logged off 'self' and changed to 'Administrator'.
>> >> > 11. I couldn't get direct access to the folder. So under properties
>> >> > I
>> >> > took
>> >> > the ownership of that folder.
>> >> > 12. I could now see the files in that folder.
>> >> > 13. Now when I tried to open that particular file say Excel file I
>> >> > got
>> >> > the
>> >> > message ' Excel can not access particular file. The document may be
>> >> > read
>> >> > only
>> >> > or encrypted.'
>> >> >
>> >> > I MADE A FOLDER "SelfData2' UNDER ADMINISTRATOR AND LOGGED OFF AND
>> >> > CHANGED
>> >> > TO USER 'self'. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE
>> >> > ABOVE
>> >> > PROCEDURE. THIS TIME I COULD OPEN THE FILES.
>> >> >
>> >> > This appears to be very good security feature. But how to decrypt
>> >> > the
>> >> > files.
>> >> > I have tried with mmc and consoles and tried to import encryption
>> >> > and
>> >> > recovery certificates. But this didn't work.
>> >> >
>> >> > In market there are plethora of third party licensed software for
>> >> > folder
>> >> > security. Why so much complications in Microsoft for a user.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
!