Encrypted Folders and Upgrading to XP

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

I just upgraded a machine to XP from 2K, and found that the encrypted folders
(EFS) on the NTFS data disk are no longer accessible. The permissions on the
folders are still set correctly, but I am unable to access, copy or disable
encryption.
The domain user accounts are still valid, so I am assuming this has
something to do with the SID from the 2K install vs the new SID for the XP
install.
Is there any way to recover these files? (the old machine account has been
deleted from the domain).

TIA
 
Guest

Without the encryption key, which the user must export for safe keeping, the
files are useless.

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard :)

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!


"Chuck Gibson" <Chuck Gibson@discussions.microsoft.com> wrote in message
news:1F51AA04-258F-45CA-AF42-78FEA4E6C7BE@microsoft.com...
> I just upgraded a machine to XP from 2K, and found that the encrypted folders
> (EFS) on the NTFS data disk are no longer accessible. The permissions on the
> folders are still set correctly, but I am unable to access, copy or disable
> encryption.
> The domain user accounts are still valid, so I am assuming this has
> something to do with the SID from the 2K install vs the new SID for the XP
> install.
> Is there any way to recover these files? (the old machine account has been
> deleted from the domain).
>
> TIA
>
 
Guest

"Chuck Gibson" <Chuck Gibson@discussions.microsoft.com> wrote in message
news:1F51AA04-258F-45CA-AF42-78FEA4E6C7BE@microsoft.com...
> I just upgraded a machine to XP from 2K, and found that the encrypted folders
> (EFS) on the NTFS data disk are no longer accessible. The permissions on the
> folders are still set correctly, but I am unable to access, copy or disable
> encryption.
> The domain user accounts are still valid, so I am assuming this has
> something to do with the SID from the 2K install vs the new SID for the XP
> install.
> Is there any way to recover these files? (the old machine account has been
> deleted from the domain).
>
> TIA
>

EFS works differently in XP and 2K, and differently again with domain
accounts and local accounts. If there is a designated recovery agent for the
domain you may be able to use that key to unencrypt the files. See the
following link:

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp

It's a long and hard to understand chapter in the docs. Basically you would
need to export the DRA certificate and key and import them on the computer
with the encrypted files. If the domain admins do not want to allow this key
to be exported (it is a major security risk) then you would have to back up
the files and they could unencrypt them on a different computer.

Kerry