Anmelden
 
HomeLibraryDownloadsSupportWebcasts & EventsCommunityForenBlogs
Ressourcen für IT-Professionals >
I AM the user who have access the file, but can't access it

Beantwortet I AM the user who have access the file, but can't access it

  • Mittwoch, 9. Januar 2013 08:56
     
     
    Anmelden
    0
    I've reinstalled the windows(same version) on one of our company computers. And now the same user(form Active Directory) cannot access some of his files. The files are on a different partition from the OS. They are green now and cannot be accessed at all even with changing their owner.
    The user had an old account on the domain. It's names has changed though the UN is the same. We tried them with the old account but again, couldn't access non of them. 
    Having all the pwds as the administrator, how can I recover the encryption data and access the files?

    In the "Who can access this file" page, it is set to the user's account, but logged in with that account, I can't access the file yet. What is going on here, people?

    Actually the user just doesn't know anything about encrypting and how to do it. So how is it possible to have encrypted data automatically? 

    I've asked this in Win7 section. They told me it's better put it here

    Thanks

     

Alle Antworten

  • Mittwoch, 9. Januar 2013 09:07
     
     
    Anmelden
    1

    Hi fesqel

    the files which you are trying to access are encrypted. when you encrypt a file or folder, a key automatically will generate and placed in your certificate folder. then each time you want to open the encrypted files, first it checks your local certificate folder to see if the key is still in the folder. once you re-install your OS it will be dumped unless you have planned before and created a backup for that certificate.

    I suggest you try to restore you previously backed up certificate in the certificate folder. frankly saying if you have not backed up your certificate there is no simple way to recover your lost files but there used to be third party recovery tools for recovering process back in 2003 age.

    have you backed up your certificate before?

     
  • Mittwoch, 9. Januar 2013 11:28
     
     
    Anmelden
    0

    So where is this certificate folder?

    I've saved some .cer files, but having installed them, nothing happened again.

    Thanks

     
  • Mittwoch, 9. Januar 2013 12:59
     
     Beantwortet
    Anmelden
    0

    Hi,

    A key concept for EFS (Encrypted File System) is the DRA (Data Recovery Agent).
    Please read here for some background information about how EFS works (http://technet.microsoft.com/en-us/library/cc875821.aspx)

    What happend in your case?

    The user encrypted his files/folders with the use of a personal user certificate. This certificate (with public and private key) is stored on the local machine (In the local store\peronal). When the user encrypts their files\folders, the private key part of the certificate is used for the encryption. Upon reinstallation of the machine, the certificates in the personal store (on the local computer) are removed, that means that the required certificate (with the private key (to decrypt the files) is lost).

    If I remember correct, there is no way to recover those files without having:

    - Either the original user certificate (with corresponding private key); The .CERs you exported probably only have the public key part of the certificate
    - A designated KRA (Key Recovery Agent) or some one with access to the recovery key (By default, the built-in Administrator account for a domain is a recovery agent)

    * Your question: You can view local (user and computer) certificates using the Mircrosoft Management Console (MMC) > Adding the Certificates snap-in

    Regards,

    Armand

    "The beginning of knowledge is the discovery of something we do not understand."

     
  • Donnerstag, 10. Januar 2013 06:59
     
     Beantwortet
    Anmelden
    0

    if you have backed up your certificates before you are supposes to install them in "Personal" folder of certmgr.msc .becuase the certificates which belong to EFS are stored in personal folder. by the way there are computer certificates and user certificates. for importing the certificates which you have backed up:

    Run>MMC>File menu>add remove snap ins>Certificates>My user account>Finish>ok

    then you right click the "Personal" folder and choose"All task" and click "Import" and follow the wizard.