"Access denied" on encrypted files after reinstall

[Alfio Lupo]

Hi,

due to a strange system behaviour (e.g. some apps refusing
to uninstall), I decided to re-install Windows 2000 over
itself. I had done it previosly without any harm to the
installed software.

This time, though, I had an encrypted (EFS) folder. After
reinstallation, any attempts to access files in that folder
end up with an "access denied" error.

I've already tried to export my EFS recovery certificate to
another machine and to copy the encrypted folder there
(using ntbackup), still I get the same error.

Am I missing something? Is there any way out of this
situation? Any help would be appreciated... needless to
say, those files where quite important...

Thanks in advance.

Regards,
Alfio

 

[Steven L Umbach]

I assume you are talking about an in place upgrade. Possibly your private
key used for decryption has become corrupted. By default the built in
administrator account would be the recovery agent which is required in W2K.
If you have not tried it, log on as THE built in administrator to see if
that account can access the files. You may also try using the cipher command
to decrypt them.

You can restore a file to another computer, but you must logon as the same
user/password and your private key also needs to be available - not just the
certificate. If you exported/imported a .pfx file then the private key was
also included. It may also help to use the efsinfo command to view what
user/recovery agent can decrypt the files and view the thumbprint info for
the certificate that you can then try to match up to the certificate in the
users/reovery agents user certificate store available via mmc certificates
snapin for user. The thumprints must match. The link below may be
elpful. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;243026

 

[news.microsoft.com]

Hello,

I have trying to create trust relationship between new domain controler on
Windows 2003 server and with PDC Windows NT 4.0 server (Service pack 6a).
These two domains are in the same subnet and see each other in ping to the
domain name (the resolution done by the hosts file on each domain).

1. I am adding in NT 4.0 under trusting domains the domain with the
password.
2. I am trying to create "New Trust..." in Windows 2003 (adding netbios name
in "Two-way" and "selective authentication" then the password.

The results:
"The domain was in the wrong state to perform the security operation."

How could I make this relationship success?

Thanks in advanced,
Tal