recovery agent cannot decrypt EFS file

Archived from groups: microsoft.public.win2000.security,microsoft.public.security.crypto

Dear All,

I'm the domain RA and I restored a file encrypted by another user to my
machine. All machines are Win2k SP4. Using efsinfo, I checked that my RA
cert is on the file and also installed in my personal store with the private
key available. I checked the thumbprints and they match.

But I still can't decrypt the file. What's up?

Thomas
 

Sounds like you should be good to go. One thing to check is that you have
full control permissions on that file and you might try using the cipher
command. In a Windows 2000 domain or Windows 2000 local user, if the user
account still exists try resetting the user's password then logging on as the
user on the computer where the file was encrypted and see if you can decrypt
the file. The user's profile and certificate/private key would need to be on
the computer in order for such to work. -- Steve


"Thomas McLeod" <thomas03@mcleodsoft.net.nospam> wrote in message
news:%23zkDFNffFHA.3584@TK2MSFTNGP09.phx.gbl...
>
> Dear All,
>
> I'm the domain RA and I restored a file encrypted by another user to my
> machine. All machines are Win2k SP4. Using efsinfo, I checked that my RA
> cert is on the file and also installed in my personal store with the
> private
> key available. I checked the thumbprints and they match.
>
> But I still can't decrypt the file. What's up?
>
> Thomas
>
>
 

"" wrote:
> Sounds like you should be good to go. One thing to check is
> that you have
> full control permissions on that file and you might try using
> the cipher
> command. In a Windows 2000 domain or Windows 2000 local user,
> if the user
> account still exists try resetting the user's password then
> logging on as the
> user on the computer where the file was encrypted and see if
> you can decrypt
> the file. The user's profile and certificate/private key would
> need to be on
> the computer in order for such to work. -- Steve

and if that does not help

see:
http://www.elcomsoft.com/aefsdr.html

Cheers,

 

Yes, I have full control ACL on the file.

I'm doing this in the lab. The file does not have important data. I can
still logon as the original user and decrypt the file. I'm attempting to see
if I can indeed decrypt a file as an RA, but so far it hasn't worked.

This is the output from cipher.

C:\Documents and Settings\Thomas\Desktop>cipher /D /A "to Thomas.txt"

Decrypting files in C:\Documents and Settings\Thomas\Desktop\

to Thomas.txt [ERR]
to Thomas.txt: Access is denied.

0 file(s) [or directorie(s)] within 1 directorie(s) were decrypted.

All help appreciated.

Thomas



"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:OadmrpffFHA.3232@TK2MSFTNGP15.phx.gbl...
> Sounds like you should be good to go. One thing to check is that you have
> full control permissions on that file and you might try using the cipher
> command. In a Windows 2000 domain or Windows 2000 local user, if the user
> account still exists try resetting the user's password then logging on as the
> user on the computer where the file was encrypted and see if you can decrypt
> the file. The user's profile and certificate/private key would need to be on
> the computer in order for such to work. -- Steve
 

Was the restore to your RA decryption (test) machine done
using NTbackup (bundled with OS) or some other backup
program?

--
Roger Abell
Microsoft MVP (Windows Security)

"Thomas McLeod" <thomas03@mcleodsoft.net.nospam> wrote in message
news:OH%23$2qxfFHA.3936@TK2MSFTNGP14.phx.gbl...
> Yes, I have full control ACL on the file.
>
> I'm doing this in the lab. The file does not have important data. I can
> still logon as the original user and decrypt the file. I'm attempting to see
> if I can indeed decrypt a file as an RA, but so far it hasn't worked.
>
> This is the output from cipher.
>
> C:\Documents and Settings\Thomas\Desktop>cipher /D /A "to Thomas.txt"
>
> Decrypting files in C:\Documents and Settings\Thomas\Desktop\
>
> to Thomas.txt [ERR]
> to Thomas.txt: Access is denied.
>
> 0 file(s) [or directorie(s)] within 1 directorie(s) were decrypted.
>
> All help appreciated.
>
> Thomas
 

Can you decrypt any files as the RA or is the problem specific for this user
or file? Another thing to try to make sure your RA private key is intact is
to export your RA certificate/private key to a password protected .pfx file
[.cer file will not contain private key] and then logon to the user's
computer and import your RA certificate/private key via the .pfx file to see
if that works again making sure you have full control permission to the
file. --- Steve


"Thomas McLeod" <thomas03@mcleodsoft.net.nospam> wrote in message
news:OH%23$2qxfFHA.3936@TK2MSFTNGP14.phx.gbl...
> Yes, I have full control ACL on the file.
>
> I'm doing this in the lab. The file does not have important data. I can
> still logon as the original user and decrypt the file. I'm attempting to
> see
> if I can indeed decrypt a file as an RA, but so far it hasn't worked.
>
> This is the output from cipher.
>
> C:\Documents and Settings\Thomas\Desktop>cipher /D /A "to Thomas.txt"
>
> Decrypting files in C:\Documents and Settings\Thomas\Desktop\
>
> to Thomas.txt [ERR]
> to Thomas.txt: Access is denied.
>
> 0 file(s) [or directorie(s)] within 1 directorie(s) were decrypted.
>
> All help appreciated.
>
> Thomas
 

Roger,

It was NTBackup.

By the way, the decryption machine is a domain controller. Does that matter?

Thomas

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:u6Pj3r0fFHA.2840@tk2msftngp13.phx.gbl...
> Was the restore to your RA decryption (test) machine done
> using NTbackup (bundled with OS) or some other backup
> program?
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
 

Steve,

I've never been able to decrypt any files as RA. I am able to export the key
pair to a .pfx but I haven't tried importing the RA key pair to the user's
machine to test RA recovery. I guess what I should do in that case is import
the keys into my admin profile on that machine, right? It seems importing
them into the account of the user who encrypted the file wouldn't test RA
recovery.

Thanks,

Thomas



"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:lYKdnT3bPa5-H1rfRVn-vA@comcast.com...
> Can you decrypt any files as the RA or is the problem specific for this user
> or file? Another thing to try to make sure your RA private key is intact is
> to export your RA certificate/private key to a password protected .pfx file
> [.cer file will not contain private key] and then logon to the user's
> computer and import your RA certificate/private key via the .pfx file to see
> if that works again making sure you have full control permission to the
> file. --- Steve
 

I would try logging onto a domain computer that has EFS files on it where
you are supposed to be RA and importing your RA .pfx file into that user
account to see if that works. If it does then it would seem there may be a
problem with your backup and restore operation. If it still does not then I
am not sure what the problem is but what I would do is to define an
additional RA, encrypt some files after the domain computers recognize the
new CA which will need GP to replicate and refresh, and then try again with
the new RA. Logging on as the user and importing the RA would not
demonstrate that the RA was working unless you are 100 percent sure that the
user's EFS certificate/private key does not exist on the computer. ---
Steve


"Thomas McLeod" <thomas03@mcleodsoft.net.nospam> wrote in message
news:O8DbrSNgFHA.2156@TK2MSFTNGP14.phx.gbl...
> Steve,
>
> I've never been able to decrypt any files as RA. I am able to export the key
> pair to a .pfx but I haven't tried importing the RA key pair to the user's
> machine to test RA recovery. I guess what I should do in that case is import
> the keys into my admin profile on that machine, right? It seems importing
> them into the account of the user who encrypted the file wouldn't test RA
> recovery.
>
> Thanks,
>
> Thomas
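The caveat in the reply above (a decrypt while logged on as the encrypting user only proves the RA key works if the user's own EFS key is absent) can be checked mechanically. This is an added example, not part of the original thread: it parses efsinfo-style output and classifies a recovery test as conclusive or not. The output layout, account names and thumbprints in the sample are constructed assumptions.

```python
import re

# Hypothetical thumbprints, constructed for this example.
USER_TP = "1A2B 3C4D 5E6F 7081 92A3 B4C5 D6E7 F809 1A2B 3C4D"
RA_TP = "0F1E 2D3C 4B5A 6978 8796 A5B4 C3D2 E1F0 0F1E 2D3C"

# Constructed sample in the style of `efsinfo /U /R /C` output.
# The exact layout is an assumption; adjust the parser to the real text.
SAMPLE_EFSINFO = """\
to Thomas.txt: Encrypted
  Users who can decrypt:
    LAB\\user1 (CN=user1,L=EFS,OU=EFS File Encryption Certificate)
    Certificate thumbprint: 1A2B 3C4D 5E6F 7081 92A3 B4C5 D6E7 F809 1A2B 3C4D
  Recovery Agents:
    LAB\\ra-admin (OU=EFS File Encryption Certificate, L=EFS, CN=ra-admin)
    Certificate thumbprint: 0F1E 2D3C 4B5A 6978 8796 A5B4 C3D2 E1F0 0F1E 2D3C
"""


def normalize(thumbprint):
    """Reduce a thumbprint to bare lowercase hex.

    Drops spaces, colons and any invisible characters picked up when the
    value is copied out of a GUI, so values from different tools compare equal.
    """
    return re.sub(r"[^0-9a-f]", "", thumbprint.lower())


def parse_efsinfo(text):
    """Return the thumbprints listed on the file, split by role."""
    sections = {"users": set(), "recovery_agents": set()}
    current = None
    for line in text.splitlines():
        s = line.strip().lower()
        if s.startswith("users who can decrypt"):
            current = "users"
        elif s.startswith("recovery agents"):
            current = "recovery_agents"
        elif s.startswith("certificate thumbprint:") and current:
            sections[current].add(normalize(s.split(":", 1)[1]))
    return sections


def classify_recovery_test(file_keys, profile_private_keys):
    """Say what a decrypt attempt from this profile can prove.

    profile_private_keys: thumbprints of certificates in the logged-on
    profile's personal store that have a private key available.
    """
    held = {normalize(t) for t in profile_private_keys}
    user_hit = bool(held & file_keys["users"])
    ra_hit = bool(held & file_keys["recovery_agents"])
    if ra_hit and user_hit:
        # Either key could unlock the file, so success proves nothing about RA.
        return "INCONCLUSIVE"
    if ra_hit:
        # Only the RA key matches: success or failure is a real RA result.
        return "RA_ONLY"
    if user_hit:
        return "USER_KEY_ONLY"
    return "NO_MATCHING_KEY"


if __name__ == "__main__":
    keys = parse_efsinfo(SAMPLE_EFSINFO)
    # Admin profile holding just the RA key pair.
    print(classify_recovery_test(keys, [RA_TP]))
    # Encrypting user's profile with the RA .pfx imported next to their own key.
    print(classify_recovery_test(keys, [RA_TP, USER_TP]))
```

An `RA_ONLY` profile that still gets "Access is denied" is a genuine recovery failure; an `INCONCLUSIVE` profile that decrypts successfully says nothing about the RA key.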
 

Steve,

I logged on to a domain computer (not the one where the file was encrypted)
as the user that encrypted the file and imported the RA key pair and was able
to decrypt the file. The question now is: why can't I decrypt the file from
my admin account on the same machine? My admin account has the same RA key
pair installed, in fact that is the profile from where I exported the keys.

Thomas


"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%23bTf1MOgFHA.3164@TK2MSFTNGP15.phx.gbl...
> I would try logging onto a domain computer that has EFS files on it where
> you are supposed to be RA and importing your RA .pfx file into that user
> account to see if that works. If it does then it would seem there may be a
> problem with your backup and restore operation. If it still does not then I
> am not sure what the problem is but what I would do is to define an
> additional RA, encrypt some files after the domain computers recognize the
> new CA which will need GP to replicate and refresh, and then try again with
> the new RA. Logging on as the user and importing the RA would not
> demonstrate that the RA was working unless you are 100 percent sure that the
> user's EFS certificate/private key does not exist on the computer. ---
> Steve
 

I don't really know what is going on offhand with your admin account on that
particular computer. I do know that the RA certificate/key does not seem to
care what user account it is imported into to be able to decrypt files as a
RA as I have experienced similar results. What I would try is to restore the
files to another computer, logon as your administrator account on that
computer [best done on a computer where a fresh profile will be generated at
logon], import your RA .pfx file and see if that works or not again being
sure that your account has proper NTFS permissions to that EFS file.
Unfortunately it can be difficult to track down such EFS problems as from my
experience there are usually no events recorded in the security/system logs
that would be of help and you end up with that "access denied" message
though you should still check those logs to see if anything pertinent
shows. --- Steve


"Thomas McLeod" <thomas03@mcleodsoft.net.nospam> wrote in message
news:%23flyscdgFHA.2880@TK2MSFTNGP14.phx.gbl...
> Steve,
>
> I logged on to a domain computer (not the one where the file was encrypted)
> as the user that encrypted the file and imported the RA key pair and was able
> to decrypt the file. The question now is: why can't I decrypt the file from
> my admin account on the same machine? My admin account has the same RA key
> pair installed, in fact that is the profile from where I exported the keys.
>
> Thomas
 