EFS Files Inaccessible After Profile Change (Even for Recovery Agent)

  • Thread starter Thread starter Jerry Baker
  • Start date Start date
J

Jerry Baker

Hello,

My situation is that our sysadmins migrated our profiles company-wide
without warning. They changed the domain we belong to as well as our
user names and passwords. Now I cannot access my EFS files. I even
logged in as the recovery agent (built-in admin), but I could only
recover some of the files. There are still a lot of files that give the
"Access is denied" error when I try to decrypt them (the permissions are
set to everyone:F). I still have the EFS certificate that was originally
used to encrypt the files, and it's already imported. I cannot change
the password on my new profile to be the same as the old password since
old passwords are banned domain-wide. How can I recover these files
given that I have admin access and I have the original EFS certificate?

Thanks.
 
That's what I call security ... even the administrator with the recovery
key and the original EFS key cannot recover the file. You can't get much
stronger than that when it comes to encryption.
 
Mmmmmmmmm - elusive this recovery is. *EFG* I'd be bitching out the IT dept
onna daily basis 'cuz those idiots should have made EVERYONE aware of this
change because it affected EVERYONE. I've seen ppl get fired over crap like
this - usually after the dept heads can't get into their stuff and it's LOST
FOREVER. I've had my fair share of MS EFS encryption screwups - now I refuse
to use MS EFS for anything - I install the system, make 2 recovery keys (one
for the LOCAL ADMIN and one for the DOMAIN ADMIN) and hide 'em away inna SAFE.
Get yourself a little USB drive and encryption program for your own personal
use. At least it doesn't rely on stuff like MS EFS or the idiots in IT.

Ed
 
Back
Top