Problem with EFS in W2K....help!


Daniel Bonning

Alright, here's the scenario:

I am on a W2K network, where every AD user has a personal
drive mapped in Windows (which is defined in our AD
profiles as G:). The actual drive space resides on our
file server and only the user and the domain administrator
have access to it.

Since the files that I keep on my G: drive are mostly of a
personal nature, I had the brilliant idea to create a
subfolder called "personal" and encrypt it and all files
within it.

This worked like a charm until recently. All of a sudden,
I can no longer access my own files!...nor can the domain
admin.

The only major change on our network has been a move from
Exchange 2000 to Exchange 2003 on our main domain
controller. Also, several times, we have run out of drive
space on the system partition of our file server (which is
also a domain controller) but that has been rectified.

What the heck can I do to retrieve my encrypted files?
When I try to decrypt the folder "personal" and its
contents, the action just fails :(

Please help. E-mail: (e-mail address removed) THANKS!
 
In Windows 2000 there has to be a Recovery Agent, which is usually
Administrator (by default). This could as well be your local computer
administrator account. He should be able to open these files for you.

Regards,

Mike
 
Encrypting files over the network can complicate things and unless you had your
user EFS private key imported onto that server you may not be able to decrypt
the files if you copied them to your local computer for decryption, so try to
decrypt them on the server if you tried to do such on your local machine. If that
does not work use efsinfo /r /c on your files to see who is the recovery agent
and their certificate's thumbprint, which can help you track down the right
certificate/private key combo that should be able to decrypt your files. The
recovery agent could be the built in administrator account on that server or a
domain account which would be the built in administrator account on the first
domain controller in the domain by default [thumbprint info can help track down
correct account]. If you are using an XP Pro computer and your password was
"reset" by an administrator, that will cause loss of access to your EFS files
though if you change your password back to what it was before the reset you may
regain access. The links below may help. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;243026
http://support.microsoft.com/default.aspx?scid=kb;en-us;255742
 
Looks like I'm screwed :( I tried having the domain admin
take ownership of the folder, importing the cert key on
the file server, having the local admin of the workstation
import the cert. Nothing is working. I just don't get it.
Two weeks ago everything was fine and now nobody can
decrypt the files....

Doh!
 
Ouch, sorry to hear you are not making any progress. Make sure that the steps below
are being followed to import the certificate AND the EFS private key for the recovery
agent. You must use a .pfx file that will require a password to protect the private
key before it can be created and then copied and imported/installed on the computer
for attempted recovery. Just importing the certificate [public key] in a .cer file
will not work. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;242296
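
An added example, not part of the original posts: a PowerShell check, run as the account attempting the recovery, that looks up the thumbprint reported by efsinfo /r /c in that account's personal certificate store and shows whether the private key came along with the certificate. The function name Test-EfsRecoveryCert and the thumbprint placeholder are assumptions for illustration.

```powershell
function Test-EfsRecoveryCert {
    param(
        [Parameter(Mandatory = $true)]
        [string] $Thumbprint   # value copied from efsinfo /r /c; spaces are allowed
    )

    # EKU OIDs for "Encrypting File System" and "File Recovery"
    $efsOids = @('1.3.6.1.4.1.311.10.3.4', '1.3.6.1.4.1.311.10.3.4.1')

    # Strip spaces and separators so the value matches the store's format
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # EFS uses the personal store of the account doing the decryption
    $found = @(Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $wanted })

    if ($found.Count -eq 0) {
        Write-Warning "No certificate $wanted in this account's personal store."
        return
    }

    foreach ($cert in $found) {
        # Collect the OIDs from the Enhanced Key Usage extension, if present
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        $note = 'Certificate and private key are both present.'
        if (-not $cert.HasPrivateKey) {
            # This is what importing only a .cer file leaves behind
            $note = 'Certificate only, no private key: import the .pfx instead.'
        }

        [pscustomobject]@{
            Subject           = $cert.Subject
            Thumbprint        = $cert.Thumbprint
            PrivateKeyPresent = $cert.HasPrivateKey
            EfsOrRecoveryEku  = [bool]($ekus | Where-Object { $efsOids -contains $_ })
            Note              = $note
        }
    }
}

# Usage (placeholder value, replace with the thumbprint efsinfo printed):
# Test-EfsRecoveryCert -Thumbprint '<thumbprint from efsinfo /r /c>'
```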
