I just upgraded a machine to XP from 2K, and found that the encrypted folders
(EFS) on the NTFS data disk are no longer accessible. The permissions on the
folders are still set correctly, but I am unable to access, copy or disable
encryption.
The domain user accounts are still valid, so I am assuming this has
something to do with the SID from the 2K install vs the new SID for the XP
install.
Is there any way to recover these files? (The old machine account has been
deleted from the domain.)
TIA
Richard Urban - 30 Apr 2005 01:59 GMT
Without the encryption key, which the user must export for safe keeping, the
files are useless.

Regards,
Richard Urban
aka Crusty (-: Old B@stard :-)
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
Kerry Brown - 30 Apr 2005 05:39 GMT
EFS works differently in XP and 2K, and differently again with domain
accounts and local accounts. If there is a designated recovery agent for the
domain you may be able to use that key to unencrypt the files. See the
following link:
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp
It's a long and hard-to-understand chapter in the docs. Basically you would
need to export the DRA certificate and key and import them on the computer
with the encrypted files. If the domain admins do not want to allow this key
to be exported (it is a major security risk) then you would have to back up
the files and they could unencrypt them on a different computer.
Kerry