Unable to open secured folder

[Guest]

Hello
Recently my windows 2000 pro operating system crashed.
I had made a power user in my own name and using NTFS file system I had
given security to one folder. I had denied access for everyone to this
folder. I had kept my excel files in this folder in which all my bank
transactions were kept.
I was not able to repair the crashed operating system. Thereafter I
configured windows 2000 server on my PC and moved my secured data to
different partition. After this I again loaded the windows 2000 pro operating
system without formatting any of the drives.
Now I am not able to open my secured files.
This is how one can try the experiment.
1. I logged off ‘Administrator’ and changed to power user ‘self’ having log
in password.
2. I made a folder ‘SelfData’ and kept some Excel , Word and wordpad files.
3. I right clicked the folder and went to properties.
4. Under ‘security’ tab I unchecked the check box ‘Allow inheritable
permissions from parent to propagate to this object.’
5. With this a security dialog flashed asking’ you are preventing any
inheritable permissions from propagating to this object. What do you want to
do?’ I pressed ‘Remove’ button.
6. At this time under the ‘security’ tab no owner was shown. I clicked
‘Advanced’ button.
7. Now a Dialog box ‘Access control settings for Network’ appeared. In this
under ‘Permissions’ tab I clicked ‘Add’ and added power user ‘self’.
8. With this a new dialog box appered ‘Permission Entry for Network’. Under
‘allow’ I checked all check boxes and then clicked OK.
9. Then ‘Apply’ and ‘OK’ buttons under ‘ Access Control Settings for
Network..’
10. Then I logged off ‘self’ and changed to ‘Administrator’.
11. I couldn’t get direct access to the folder. So under properties I took
the ownership of that folder.
12. I could now see the files in that folder.
13. Now when I tried to open that particular file say Excel file I got the
message ‘ Excel can not access particular file. The document may be read only
or encrypted.’

I MADE A FOLDER “SelfData2’ UNDER ADMINISTRATOR AND LOGGED OFF AND CHANGED
TO USER ‘self’. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE ABOVE
PROCEDURE. THIS TIME I COULD OPEN THE FILES.

This appears to be very good security feature. But how to decrypt the files.
I have tried with mmc and consoles and tried to import encryption and
recovery certificates. But this didn’t work.

In market there are plethora of third party licensed software for folder
security. Why so much complications in Microsoft for a user.

 

[Steven L Umbach]

Are the files encrypted with EFS? Check the folder properties/advanced to
see if the encryption attribute is selected. If it is you may never be able
to access those files unless you had previously exported the user or
Recovery Agent certificate AND private key to a .pfx file that could
possibly be imported to the computer/user to decrypt the files. It is not
good enough to import the certificate [public key alone] via a .cer file. If
you have a backup of the user's profile from a time after the files were
encrypted and know that users' password you might be able to recover any EFS
encrypted files for that user with the help of Microsoft support or a not
free third part tool. Such is the nature of file encryption as the
certificate/private keys used to access the files are unique or else the
encryption would be useless. The efsinfo tool can be used to see what
users/certificates are associated with an EFS encrypted file. --- Steve

 

[Guest]

I tried with efsinfo from Microsoft TechNet Article ID 243026
‘Using Efsinfo.exe to determine information about encrypted files’. But this
Efsinfo.exe file is not available on my standalone PC. It is clearly written
in this article that ‘Stand-alone Windows 2000 workstations and servers do
not display the recovery agent information. The default recovery agent for
all stand-alone computers is the local Administrator account.’

I couldn’t solve this problem using google help.

No files in this folder are encrypted or read only. Only the folder is
secured. This is applicable to all types of files not just MSoffice files. In
the above trial if we move some files in user mode who has secured the
folder, other users even administrator can’t see the contents of these files.
This appears to be a good feature of folder protection. But how to make use
of this?

Dhuri

Are the files encrypted with EFS? Check the folder properties/advanced to
see if the encryption attribute is selected. If it is you may never be able
to access those files unless you had previously exported the user or
Recovery Agent certificate AND private key to a .pfx file that could
possibly be imported to the computer/user to decrypt the files. It is not
good enough to import the certificate [public key alone] via a .cer file. If
you have a backup of the user's profile from a time after the files were
encrypted and know that users' password you might be able to recover any EFS
encrypted files for that user with the help of Microsoft support or a not
free third part tool. Such is the nature of file encryption as the
certificate/private keys used to access the files are unique or else the
encryption would be useless. The efsinfo tool can be used to see what
users/certificates are associated with an EFS encrypted file. --- Steve

Hello
Recently my windows 2000 pro operating system crashed.
I had made a power user in my own name and using NTFS file system I had
given security to one folder. I had denied access for everyone to this
folder. I had kept my excel files in this folder in which all my bank
transactions were kept.
I was not able to repair the crashed operating system. Thereafter I
configured windows 2000 server on my PC and moved my secured data to
different partition. After this I again loaded the windows 2000 pro
operating
system without formatting any of the drives.
Now I am not able to open my secured files.
This is how one can try the experiment.
1. I logged off 'Administrator' and changed to power user 'self' having
log
in password.
2. I made a folder 'SelfData' and kept some Excel , Word and wordpad
files.
3. I right clicked the folder and went to properties.
4. Under 'security' tab I unchecked the check box 'Allow inheritable
permissions from parent to propagate to this object.'
5. With this a security dialog flashed asking' you are preventing any
inheritable permissions from propagating to this object. What do you want
to
do?' I pressed 'Remove' button.
6. At this time under the 'security' tab no owner was shown. I clicked
'Advanced' button.
7. Now a Dialog box 'Access control settings for Network' appeared. In
this
under 'Permissions' tab I clicked 'Add' and added power user 'self'.
8. With this a new dialog box appered 'Permission Entry for Network'.
Under
'allow' I checked all check boxes and then clicked OK.
9. Then 'Apply' and 'OK' buttons under ' Access Control Settings for
Network..'
10. Then I logged off 'self' and changed to 'Administrator'.
11. I couldn't get direct access to the folder. So under properties I took
the ownership of that folder.
12. I could now see the files in that folder.
13. Now when I tried to open that particular file say Excel file I got the
message ' Excel can not access particular file. The document may be read
only
or encrypted.'

I MADE A FOLDER "SelfData2' UNDER ADMINISTRATOR AND LOGGED OFF AND CHANGED
TO USER 'self'. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE ABOVE
PROCEDURE. THIS TIME I COULD OPEN THE FILES.

This appears to be very good security feature. But how to decrypt the
files.
I have tried with mmc and consoles and tried to import encryption and
recovery certificates. But this didn't work.

In market there are plethora of third party licensed software for folder
security. Why so much complications in Microsoft for a user.

 

[Steven L Umbach]

You can download efsinfo to use on any Windows 2000 computer but it will
only show information for encrypted files. You can also use the built in
cipher command to see if any files are encrypted with EFS. I believe you
already said that you changed ownership on the files to administrators. If
the files are not encrypted with EFS, double check that administrators are
indeed owner of the locked out files. Being the owner of a folder/file alone
does not give an administrator access but it does allow the administrator to
change permissions and add administrators group to the access list of the
folder/file with full control and then he should be able to gain access. As
far as being read only, that may not mean file permissions but file
attribute. Open the file properties and if read only is selected, uncheck it
to see what happens. If that does not work I would suspect a third party
encryption program being used or possibly the files are protected via
Digital Rights Management which is not that common and would require a more
complex network configuration including a Certificate Authority which would
most likely not be found on a home users network. Also be sure to run Check
Disk on your computer in case there is file corruption. --- Steve

'

I tried with efsinfo from Microsoft TechNet Article ID 243026
'Using Efsinfo.exe to determine information about encrypted files'. But
this
Efsinfo.exe file is not available on my standalone PC. It is clearly
written
in this article that 'Stand-alone Windows 2000 workstations and servers do
not display the recovery agent information. The default recovery agent for
all stand-alone computers is the local Administrator account.'

I couldn't solve this problem using google help.

No files in this folder are encrypted or read only. Only the folder is
secured. This is applicable to all types of files not just MSoffice files.
In
the above trial if we move some files in user mode who has secured the
folder, other users even administrator can't see the contents of these
files.
This appears to be a good feature of folder protection. But how to make
use
of this?

Dhuri

Are the files encrypted with EFS? Check the folder properties/advanced to
see if the encryption attribute is selected. If it is you may never be
able
to access those files unless you had previously exported the user or
Recovery Agent certificate AND private key to a .pfx file that could
possibly be imported to the computer/user to decrypt the files. It is not
good enough to import the certificate [public key alone] via a .cer file.
If
you have a backup of the user's profile from a time after the files were
encrypted and know that users' password you might be able to recover any
EFS
encrypted files for that user with the help of Microsoft support or a not
free third part tool. Such is the nature of file encryption as the
certificate/private keys used to access the files are unique or else the
encryption would be useless. The efsinfo tool can be used to see what
users/certificates are associated with an EFS encrypted file. --- Steve

Hello
Recently my windows 2000 pro operating system crashed.
I had made a power user in my own name and using NTFS file system I had
given security to one folder. I had denied access for everyone to this
folder. I had kept my excel files in this folder in which all my bank
transactions were kept.
I was not able to repair the crashed operating system. Thereafter I
configured windows 2000 server on my PC and moved my secured data to
different partition. After this I again loaded the windows 2000 pro
operating
system without formatting any of the drives.
Now I am not able to open my secured files.
This is how one can try the experiment.
1. I logged off 'Administrator' and changed to power user 'self' having
log
in password.
2. I made a folder 'SelfData' and kept some Excel , Word and wordpad
files.
3. I right clicked the folder and went to properties.
4. Under 'security' tab I unchecked the check box 'Allow inheritable
permissions from parent to propagate to this object.'
5. With this a security dialog flashed asking' you are preventing any
inheritable permissions from propagating to this object. What do you
want
to
do?' I pressed 'Remove' button.
6. At this time under the 'security' tab no owner was shown. I clicked
'Advanced' button.
7. Now a Dialog box 'Access control settings for Network' appeared. In
this
under 'Permissions' tab I clicked 'Add' and added power user 'self'.
8. With this a new dialog box appered 'Permission Entry for Network'.
Under
'allow' I checked all check boxes and then clicked OK.
9. Then 'Apply' and 'OK' buttons under ' Access Control Settings for
Network..'
10. Then I logged off 'self' and changed to 'Administrator'.
11. I couldn't get direct access to the folder. So under properties I
took
the ownership of that folder.
12. I could now see the files in that folder.
13. Now when I tried to open that particular file say Excel file I got
the
message ' Excel can not access particular file. The document may be
read
only
or encrypted.'

I MADE A FOLDER "SelfData2' UNDER ADMINISTRATOR AND LOGGED OFF AND
CHANGED
TO USER 'self'. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE
ABOVE
PROCEDURE. THIS TIME I COULD OPEN THE FILES.

This appears to be very good security feature. But how to decrypt the
files.
I have tried with mmc and consoles and tried to import encryption and
recovery certificates. But this didn't work.

In market there are plethora of third party licensed software for
folder
security. Why so much complications in Microsoft for a user.

 

[Guest]

As an administrator I can take the ownership of the folder. But while copying
the files from this folder to other computers or even floppy I get the
message ‘ Cannot copy. Access denied. The source file may be in use.’
I downloaded and executed the efsinfo.exe file from sit
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/efsinfo-o.asp
But I could not execute it as I got the message at command prompt and this
is not recognized as an internal or external command.
With built in cipher command my encrypted folder was not detected.
Please note that none of the file attributes in this folder are read only.
Also these files are not corrupt.

You can download efsinfo to use on any Windows 2000 computer but it will
only show information for encrypted files. You can also use the built in
cipher command to see if any files are encrypted with EFS. I believe you
already said that you changed ownership on the files to administrators. If
the files are not encrypted with EFS, double check that administrators are
indeed owner of the locked out files. Being the owner of a folder/file alone
does not give an administrator access but it does allow the administrator to
change permissions and add administrators group to the access list of the
folder/file with full control and then he should be able to gain access. As
far as being read only, that may not mean file permissions but file
attribute. Open the file properties and if read only is selected, uncheck it
to see what happens. If that does not work I would suspect a third party
encryption program being used or possibly the files are protected via
Digital Rights Management which is not that common and would require a more
complex network configuration including a Certificate Authority which would
most likely not be found on a home users network. Also be sure to run Check
Disk on your computer in case there is file corruption. --- Steve

'

I tried with efsinfo from Microsoft TechNet Article ID 243026
'Using Efsinfo.exe to determine information about encrypted files'. But
this
Efsinfo.exe file is not available on my standalone PC. It is clearly
written
in this article that 'Stand-alone Windows 2000 workstations and servers do
not display the recovery agent information. The default recovery agent for
all stand-alone computers is the local Administrator account.'

I couldn't solve this problem using google help.

No files in this folder are encrypted or read only. Only the folder is
secured. This is applicable to all types of files not just MSoffice files.
In
the above trial if we move some files in user mode who has secured the
folder, other users even administrator can't see the contents of these
files.
This appears to be a good feature of folder protection. But how to make
use
of this?

Dhuri

Are the files encrypted with EFS? Check the folder properties/advanced to
see if the encryption attribute is selected. If it is you may never be
able
to access those files unless you had previously exported the user or
Recovery Agent certificate AND private key to a .pfx file that could
possibly be imported to the computer/user to decrypt the files. It is not
good enough to import the certificate [public key alone] via a .cer file.
If
you have a backup of the user's profile from a time after the files were
encrypted and know that users' password you might be able to recover any
EFS
encrypted files for that user with the help of Microsoft support or a not
free third part tool. Such is the nature of file encryption as the
certificate/private keys used to access the files are unique or else the
encryption would be useless. The efsinfo tool can be used to see what
users/certificates are associated with an EFS encrypted file. --- Steve



Hello
Recently my windows 2000 pro operating system crashed.
I had made a power user in my own name and using NTFS file system I had
given security to one folder. I had denied access for everyone to this
folder. I had kept my excel files in this folder in which all my bank
transactions were kept.
I was not able to repair the crashed operating system. Thereafter I
configured windows 2000 server on my PC and moved my secured data to
different partition. After this I again loaded the windows 2000 pro
operating
system without formatting any of the drives.
Now I am not able to open my secured files.
This is how one can try the experiment.
1. I logged off 'Administrator' and changed to power user 'self' having
log
in password.
2. I made a folder 'SelfData' and kept some Excel , Word and wordpad
files.
3. I right clicked the folder and went to properties.
4. Under 'security' tab I unchecked the check box 'Allow inheritable
permissions from parent to propagate to this object.'
5. With this a security dialog flashed asking' you are preventing any
inheritable permissions from propagating to this object. What do you
want
to
do?' I pressed 'Remove' button.
6. At this time under the 'security' tab no owner was shown. I clicked
'Advanced' button.
7. Now a Dialog box 'Access control settings for Network' appeared. In
this
under 'Permissions' tab I clicked 'Add' and added power user 'self'.
8. With this a new dialog box appered 'Permission Entry for Network'.
Under
'allow' I checked all check boxes and then clicked OK.
9. Then 'Apply' and 'OK' buttons under ' Access Control Settings for
Network..'
10. Then I logged off 'self' and changed to 'Administrator'.
11. I couldn't get direct access to the folder. So under properties I
took
the ownership of that folder.
12. I could now see the files in that folder.
13. Now when I tried to open that particular file say Excel file I got
the
message ' Excel can not access particular file. The document may be
read
only
or encrypted.'

I MADE A FOLDER "SelfData2' UNDER ADMINISTRATOR AND LOGGED OFF AND
CHANGED
TO USER 'self'. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE
ABOVE
PROCEDURE. THIS TIME I COULD OPEN THE FILES.

This appears to be very good security feature. But how to decrypt the
files.
I have tried with mmc and consoles and tried to import encryption and
recovery certificates. But this didn't work.

In market there are plethora of third party licensed software for
folder
security. Why so much complications in Microsoft for a user.

 

[Steven L Umbach]

If cipher did not report any folder/files as E then EFS encryption is not
being used. Efsinfo should have worked, maybe you need to specify the full
path to it from the error message you got. Try to copy the file from safe
mode to see if that helps. If that all fails I would tend to believe a third
party encryption program is being used. --- Steve

As an administrator I can take the ownership of the folder. But while
copying
the files from this folder to other computers or even floppy I get the
message ' Cannot copy. Access denied. The source file may be in use.'
I downloaded and executed the efsinfo.exe file from site
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/efsinfo-o.asp
But I could not execute it as I got the message at command prompt and this
is not recognized as an internal or external command.
With built in cipher command my encrypted folder was not detected.
Please note that none of the file attributes in this folder are read only.
Also these files are not corrupt.

You can download efsinfo to use on any Windows 2000 computer but it will
only show information for encrypted files. You can also use the built in
cipher command to see if any files are encrypted with EFS. I believe you
already said that you changed ownership on the files to administrators.
If
the files are not encrypted with EFS, double check that administrators
are
indeed owner of the locked out files. Being the owner of a folder/file
alone
does not give an administrator access but it does allow the administrator
to
change permissions and add administrators group to the access list of the
folder/file with full control and then he should be able to gain access.
As
far as being read only, that may not mean file permissions but file
attribute. Open the file properties and if read only is selected, uncheck
it
to see what happens. If that does not work I would suspect a third party
encryption program being used or possibly the files are protected via
Digital Rights Management which is not that common and would require a
more
complex network configuration including a Certificate Authority which
would
most likely not be found on a home users network. Also be sure to run
Check
Disk on your computer in case there is file corruption. --- Steve

'

I tried with efsinfo from Microsoft TechNet Article ID 243026
'Using Efsinfo.exe to determine information about encrypted files'. But
this
Efsinfo.exe file is not available on my standalone PC. It is clearly
written
in this article that 'Stand-alone Windows 2000 workstations and servers
do
not display the recovery agent information. The default recovery agent
for
all stand-alone computers is the local Administrator account.'

I couldn't solve this problem using google help.

No files in this folder are encrypted or read only. Only the folder is
secured. This is applicable to all types of files not just MSoffice
files.
In
the above trial if we move some files in user mode who has secured the
folder, other users even administrator can't see the contents of these
files.
This appears to be a good feature of folder protection. But how to make
use
of this?

Dhuri


:

Are the files encrypted with EFS? Check the folder properties/advanced
to
see if the encryption attribute is selected. If it is you may never be
able
to access those files unless you had previously exported the user or
Recovery Agent certificate AND private key to a .pfx file that could
possibly be imported to the computer/user to decrypt the files. It is
not
good enough to import the certificate [public key alone] via a .cer
file.
If
you have a backup of the user's profile from a time after the files
were
encrypted and know that users' password you might be able to recover
any
EFS
encrypted files for that user with the help of Microsoft support or a
not
free third part tool. Such is the nature of file encryption as the
certificate/private keys used to access the files are unique or else
the
encryption would be useless. The efsinfo tool can be used to see what
users/certificates are associated with an EFS encrypted file. ---
Steve



Hello
Recently my windows 2000 pro operating system crashed.
I had made a power user in my own name and using NTFS file system I
had
given security to one folder. I had denied access for everyone to
this
folder. I had kept my excel files in this folder in which all my
bank
transactions were kept.
I was not able to repair the crashed operating system. Thereafter I
configured windows 2000 server on my PC and moved my secured data to
different partition. After this I again loaded the windows 2000 pro
operating
system without formatting any of the drives.
Now I am not able to open my secured files.
This is how one can try the experiment.
1. I logged off 'Administrator' and changed to power user 'self'
having
log
in password.
2. I made a folder 'SelfData' and kept some Excel , Word and wordpad
files.
3. I right clicked the folder and went to properties.
4. Under 'security' tab I unchecked the check box 'Allow inheritable
permissions from parent to propagate to this object.'
5. With this a security dialog flashed asking' you are preventing
any
inheritable permissions from propagating to this object. What do
you
want
to
do?' I pressed 'Remove' button.
6. At this time under the 'security' tab no owner was shown. I
clicked
'Advanced' button.
7. Now a Dialog box 'Access control settings for Network' appeared.
In
this
under 'Permissions' tab I clicked 'Add' and added power user 'self'.
8. With this a new dialog box appered 'Permission Entry for
Network'.
Under
'allow' I checked all check boxes and then clicked OK.
9. Then 'Apply' and 'OK' buttons under ' Access Control Settings for
Network..'
10. Then I logged off 'self' and changed to 'Administrator'.
11. I couldn't get direct access to the folder. So under properties
I
took
the ownership of that folder.
12. I could now see the files in that folder.
13. Now when I tried to open that particular file say Excel file I
got
the
message ' Excel can not access particular file. The document may be
read
only
or encrypted.'

I MADE A FOLDER "SelfData2' UNDER ADMINISTRATOR AND LOGGED OFF AND
CHANGED
TO USER 'self'. I COPIED SOME FILES IN THIS FOLDER AND REPEATED THE
ABOVE
PROCEDURE. THIS TIME I COULD OPEN THE FILES.

This appears to be very good security feature. But how to decrypt
the
files.
I have tried with mmc and consoles and tried to import encryption
and
recovery certificates. But this didn't work.

In market there are plethora of third party licensed software for
folder
security. Why so much complications in Microsoft for a user.