EFS / moving files

  • Thread starter Thread starter Don
  • Start date Start date
D

Don

I think I blew it but maybe not?

I am on a working vacation with my family, about a 2 hour drive from
my office. I took with me a disk image (Drive Image) of important
work. Unfortunately, one of the folders is encrypted using Windows
EFS and I forgot to decrypt the folder before making the image and it
refuses to allow me to restore files from that folder.

The options I have thought of are:

1. Drive back to my office, decrypt, and re-image (or just archive
the drive by copying straight to DVD);

2. Drive back to my office and export the certificate (or just pick
up the floppy-archive version of the certificate that is safe and
sound - in my office!) and then see if I can import it onto my laptop
and then access the folder (however, Drive Image "mounts" the image as
a drive and what little I have read about importing certificates often
says that it won't work with "dynamic" drives so is a "mounted" drive
the same as a "dynamic" drive?);
or

3. See whether someone not nearly as dumb as me has a better idea. I
have available to me a laptop with NTFS and XP Pro, and I do of course
know the username and password of the account under which the files
were encrypted. I presume that just creating an account of the same
name and using the same password on another machine will not gain me
access - right?

I might consider paying for a utility that I could download that would
save me a good chunk of a day on the road. Sheesh - I should have
known better.

Does anyone have any thoughts? I would be most grateful.

Thanks, Don Changer
 
If you do not have access to your personal encryption certificate
(with its associated private key), you won't be able to use your
encrypted files. No back door exists, nor is there any practical
way to hack these files.
(If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;q308993&sd=tech

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

------------------------------------------------------------------------------

"Don" (e-mail address removed) wrote in message:

|I think I blew it but maybe not?
|
| I am on a working vacation with my family, about a 2 hour drive from
| my office. I took with me a disk image (Drive Image) of important
| work. Unfortunately, one of the folders is encrypted using Windows
| EFS and I forgot to decrypt the folder before making the image and it
| refuses to allow me to restore files from that folder.
|
| The options I have thought of are:
|
| 1. Drive back to my office, decrypt, and re-image (or just archive
| the drive by copying straight to DVD);
|
| 2. Drive back to my office and export the certificate (or just pick
| up the floppy-archive version of the certificate that is safe and
| sound - in my office!) and then see if I can import it onto my laptop
| and then access the folder (however, Drive Image "mounts" the image as
| a drive and what little I have read about importing certificates often
| says that it won't work with "dynamic" drives so is a "mounted" drive
| the same as a "dynamic" drive?);
| or
|
| 3. See whether someone not nearly as dumb as me has a better idea. I
| have available to me a laptop with NTFS and XP Pro, and I do of course
| know the username and password of the account under which the files
| were encrypted. I presume that just creating an account of the same
| name and using the same password on another machine will not gain me
| access - right?
|
| I might consider paying for a utility that I could download that would
| save me a good chunk of a day on the road. Sheesh - I should have
| known better.
|
| Does anyone have any thoughts? I would be most grateful.
|
| Thanks, Don Changer
 
Don,

Option 2 should work.

Just make sure that when you export the certificate, you select the option
to export the private key.

-Matt

===
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
Thanks for the reply, but it appears to me that #2 does not in fact
work.

I did in fact return to my office and exported both the certificate
and the private key. I then imported them (not understanding exactly
the difference between them, I tried importing just one, then the
other, then both) and tried accessing the files again. I did get
further, now being able to see the names of sub-folders within the
encrypted folder, but still could not copy or open individual files.
However, now the error message was something along the lines of
"Access is denied", and because I was now getting further than before,
I surmised that perhaps this was an ownership issue, not an encryption
issue.

So, I tried to take ownership of the folder in question (turn off
simple security then change owner on security tab). XP proceeded as
if it was in fact changing the owner for every folder and sub-folder
(and it took some time), but still when I tried to open an individual
file, no joy. If I understand correctly, Drive Image 7 provides
access to its image files by mounting a virtual volume, and I think
that this "drive" is read-only but may not "tell" XP that it is
read-only, so when XP attempted to change ownership, it had no way of
knowing that it could not actually write those changes (this assumes
that XP actually writes something to an NTFS drive when it changes
ownership, something that sounds reasonable to me but about which I
know nothing).

So, I guess if my assumptions are correct, my question becomes: is it
possible to change ownership of files and folders on a read-only NTFS
volume (I do have the certificate and private key under which they
were encrypted, and of course the name and password for the owner
under which they were created, plus adminstrative rights on the
computer in which the "drive" is now "installed")?

A related question: is it redundant and a complete waste to encrypt a
folder and also to mark it as private (I am guessing here that if I
had left the original folder encrypted but not private, I'd now have
access to it)?

Thanks for any thoughts,

Don Changer
 
Back
Top