Search Forums
knoppix?
-
Jun 19th, 2005 08:22 AM #1
XP - EFS Error
I migrated a user to a domain, and I did not know one of the folders on his hard drive was "encrypted" with Windows EFS. The migration went fine, but now he does not have access to the encrypted folder.
The folder was encrypted when his account was a "local administrator" account. Now he is a user on the domain. After some googling, it seems his certificates probably do not match anymore.
Any idea how I can get his access again?
Reply With Quote
LOG IN TO THANK
No one has yet thanked enforcerviper for this post.
-
Sponsored Links - Join the RedFlagDeals.com community and remove this ad.
-
Jun 19th, 2005 08:47 AM #2Moderator
[OP]
- Join Date
- Aug 29th, 2001
- Location
- Mississauga
- Posts
- 6,738
Reply With Quote
LOG IN TO THANK
No one has yet thanked enforcerviper for this post.
-
Jun 19th, 2005 10:13 AM #3
Have the user logon to the local account that he used when he was not part of the domain. The local computer should be an option in the drop down box where you see the domain listed. He can then turn off the encryption by removing the check mark from the properties - advanced - encrypt the contents to secure data.
Apart from the original user or a recovery agent, it is impossible to recover this (nothing is impossible, but it would be for a non-government, non-mainframe owning person).
The recovery agent would have to have been set by the user or administrator on the local computer, and in your case would have to have been on the local machine.
I suggest you tell your user to avoid using EFS in the Domain, until you and they know more about recovery proceedures.
-=sMoothEric=- Reply With Quote
LOG IN TO THANK
No one has yet thanked sMoothEric for this post.
-
Jun 19th, 2005 10:38 AM #4Moderator
[OP]
- Join Date
- Aug 29th, 2001
- Location
- Mississauga
- Posts
- 6,738
The account was migrated to the domain.
Originally Posted by sMoothEric
The laptop was an IBM thinkpad and the account was the default "Our Valued Customer" administrator account. There is however the xp built in local administrator account. Is that useful in this situation? Reply With Quote
LOG IN TO THANK
No one has yet thanked enforcerviper for this post.
-
Jun 19th, 2005 11:09 AM #5
It depends.
If by migration you mean the original account on the local computer was deleted from the "local user and groups", then you have trouble. The built in "administrator" account can be a recovery agent, but this would have to be assigned after the local user was created.
EFS uses cerificates created for this purpose and they can be seen in a few places: "Internet Explorer - properties - content - certificates". If you haven't made an EFS file you will not see one.
The certificate is stored with the profile - I think. If the profile is still there "c:\documents and settings\yourusernamehere" you might be able to recover this certificate.
I see no reason for the local account to be removed with a "migration".
As an aside, if anyone but the original user changes their password EFS will stop them from accessing their files...EG: user forgets password. Administrator resets it. User cannot open EFS files.
This link
http://www.beginningtoseethelight.or...very/index.php
Seems to have some interesting info that might help you.
-=sMoothEric=-Last edited by sMoothEric; Jun 19th, 2005 at 11:12 AM.
Reply With Quote
LOG IN TO THANK
No one has yet thanked sMoothEric for this post.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
