Re: EFS Certificate Needed
Dear Roger;
Thanks again for those words of wisdom. And once again you have filled my
plate and my cup. Thanks.
I noticed one oddity though. When I was reloading the backup files, I could
not load some of them because the encrypted files were still present. I
delegated those encrypted files to the recycle bin. So when I was finished
with all of the transferring and sending to the recycle bin, I wanted to see
what had happened to all of the encrypted files I put in the recycle bin,
and, lo and behold, they were not encrypted anymore but in plain text. Since
I went through the hassle of cataloging and restoring saved files, I decided
to call it a night (morning?) and just emptied the thing. I can live with
that.
--
HonoredWriter
"Roger Abell [MVP]" wrote:
> Backup and save on non-degrading media the EFS DRA .pfx file
> and try to remember its password. That is without doubt the first
> and most important thing you can do once a DRA has been defined.
>
> For EFS encrypted files in the absence of a DRA, the .pfx on a
> per user basis can allow for that user being able to get to their
> EFS encrypted files after a disaster (reformat/install).
>
> Roger
>
> "HonoredWriter" <honoredwriter@dot.com> wrote in message
> news:A6594C7E-13F0-4477-8BAB-A70E90B5DAEB@microsoft.com...
> > Dear GreenieLeBrun;
> > Thanks for the information. Some of which I have read. Thanks to all of
> > you guys for your assistance. The other major thing I did to help myself
> > was to make a backup DVD, so I now have a copy of some of the files, not
> > all, to restore. For sure I will follow "Windows Recommendations". Thanks.
> > --
> > HonoredWriter
> >
> >
> > "GreenieLeBrun" wrote:
> >
> >>
> >>
> >> HonoredWriter wrote:
> >> > Dear Brian and Roger;
> >> > The certificates I have were recently installed days after the files
> >> > were encrypted. And I think that I am in a no win situation, because I
> >> > re-installed Windows after the encryption. I should have deciphered
> >> > the files prior to re-installing Windows. The keys have probably been
> >> > discarded/changed. Also I changed the name of the User. It was
> >> > foolish of me to believe that I could decrypt files after I had
> >> > re-installed Windows. The files were not deleted because they are
> >> > located on another drive and partition. I was pulling for straws by
> >> > assuming I could use another certificate to decipher the files. Me
> >> > think I will keep one or two of them on my system to remind me what
> >> > not to do (smile). Thanks for all of your good help with the sharing
> >> > of your knowledge. It is amazing how much smarter one gets when one
> >> > makes a foolish mistake. "If any man thinks he is wise let him become
> >> > a fool so he can become wise."
> >> > Thanks for your assistance.
> >> >
> >> >> One may generate an EFS recovery agent .pfx by use of
> >> >> the cipher utility with the /r option. See cipher /?
> >> >> After being installed, that recovery agent will only have
> >> >> decrypt capabilities on files EFS-touched afterwards.
> >> >>
> >> >> If you believe you already have a recovery agent set up
> >> >> and it is unable to decrypt EFS files, then you probably
> >> >> need to use the efsinfo utility to examine the thumbprint
> >> >> of the files that may not be decrypted, verify that the
> >> >> account from which you attempt actually has the recovery
> >> >> agent private key installed within it, etc.
> >> >>
> >> >> Why is it that you say
> >> >>> The certificates I have are not worthy to be Recovery Agent
> >> >>> certificates even though their intended purposes are clearly
> >> >>> stated.
> >> >> ?? What is it that you are seeing and how? How are you
> >> >> attempting to use this (these?) ?
> >> >>
> >> >>
> >> >> "HonoredWriter" <honoredwriter@dot.com> wrote in message
> >> >> news:29109205-2BD1-4FB3-9465-1F84B2DAD118@microsoft.com...
> >> >>> How do I obtain a Recovery Agent certificate to recover/restore/decrypt
> >> >>> some previously encrypted files? The certificates I have are not worthy
> >> >>> to be Recovery Agent certificates even though their intended purposes
> >> >>> are clearly stated. ( Shucks, I'm thinking this computer has intuitive
> >> >>> intelligence.)
> >> >>> --
> >> >>> HonoredWriter
> >>
> >> If you re-installed Windows AFTER the files were encrypted then, I am
> >> afraid, you are out of luck as the SID (Security Identifier) will have
> >> changed (see http://en.wikipedia.org/wiki/Security_Identifier)
> >>
> >> You may like to peruse the following links for more information on the EFS
> >> The Encrypting File System
> >> http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx
> >>
> >> Best practices for the Encrypting File System
> >> http://support.microsoft.com/kb/223316/en-us
> >>
> >> How to back up the recovery agent Encrypting File System (EFS) private key
> >> in Windows Server 2003, in Windows 2000, and in Windows XP
> >> http://support.microsoft.com/kb/241201
> >>
> >> How To Encrypt a Folder in Windows XP
> >> http://support.microsoft.com/?id=308989
> >>
> >> How To Remove File Encryption in Windows XP
> >> http://support.microsoft.com/?id=308993
> >>
> >> How To Encrypt a File in Windows XP
> >> http://support.microsoft.com/?id=307877
> >>
> >>
> >>
>
>
>
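
Added example, not part of the original thread: one way to carry out the two checks discussed above, confirming that the account actually holds the private key for its EFS or recovery agent certificate, and backing that key up to a password-protected .pfx. It assumes a Windows version with PowerShell 3.0 or later and the PKI module (newer than the Windows XP systems in the thread); the function names and the destination path are hypothetical.

```powershell
# Added example: audit and back up EFS-related certificates for the logged-on account.
# Enhanced key usage OIDs for EFS user certificates and File Recovery (DRA) certificates.
$EfsOids = @{
    '1.3.6.1.4.1.311.10.3.4'   = 'EFS user'
    '1.3.6.1.4.1.311.10.3.4.1' = 'File Recovery (DRA)'
}

function Get-EfsCertificate {
    # List certificates in the current user's Personal store that carry an EFS
    # or File Recovery usage, and report whether the private key is present.
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        $cert  = $_
        $roles = @($cert.EnhancedKeyUsageList |
            Where-Object { $_ -and $_.ObjectId -and $EfsOids.ContainsKey($_.ObjectId) } |
            ForEach-Object { $EfsOids[$_.ObjectId] })
        if ($roles.Count -gt 0) {
            [pscustomobject]@{
                Thumbprint    = $cert.Thumbprint   # compare with the thumbprint recorded on the file
                Role          = $roles -join ', '
                HasPrivateKey = $cert.HasPrivateKey
                NotAfter      = $cert.NotAfter
                Certificate   = $cert
            }
        }
    }
}

function Backup-EfsCertificate {
    param(
        [Parameter(Mandatory)] [string] $Destination,        # hypothetical: removable media path
        [Parameter(Mandatory)] [securestring] $Password
    )
    foreach ($entry in Get-EfsCertificate) {
        if (-not $entry.HasPrivateKey) {
            # A certificate without its private key cannot decrypt anything.
            Write-Warning "$($entry.Thumbprint) ($($entry.Role)): no private key in this profile."
            continue
        }
        $file = Join-Path $Destination "efs-$($entry.Thumbprint).pfx"
        # Fails with an error if the key was marked non-exportable.
        Export-PfxCertificate -Cert $entry.Certificate -FilePath $file -Password $Password | Out-Null
        Write-Output "Exported $($entry.Role) key to $file"
    }
}

Get-EfsCertificate | Format-Table Thumbprint, Role, HasPrivateKey, NotAfter
# Backup-EfsCertificate -Destination 'E:\efs-backup' -Password (Read-Host -AsSecureString 'PFX password')
```

Run the backup before any reinstall, and keep the .pfx and its password off the machine that holds the encrypted files.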