EFS on Win XP SP3 - can't access files anymore because thumbprint and "users who can transparently access this file" got changed

  • Question

  • For no obvious reason I can't access my EFS files anymore. Everything was working OK for years, but last night I tried to open files and got access denied. So I went exploring and found out that the thumbprint and the users who can transparently access the file changed! They don't match the ones in the certificate. "Users who can transparently access file" should be "ADMIN-556C9D831" but now for some reason shows "a(a@KPOKJ-6ECB2AC0D". The thumbprint is different from the one in the certificate (I have the private key that corresponds to the certificate). Before posting this question I tried all the solutions I could find out there... Permissions are OK, I have full control over folders and files. Checked the hard drive, no errors.

    I'm not on a domain, I'm on a home PC, one user only (admin), never changed, deleted or created a new user account, or password for that matter. The data I'm trying to access is on a second hard drive, plus I have a backup of it on a USB hard drive. I thought "OK, something went wrong with the hard drive, so I'd better check the data on the USB hard drive". I was stunned to see that the same thing happened here! The thumbprint and the users who can transparently access the file changed here as well! I exported the PFX file years ago and have 5 copies of it in 5 different locations (on DVD, another hard drive, on two phones and an SD card). They are all the same, so in my opinion they didn't get corrupted, because I can import them without any problem and they all show the same information. I tried to think what could have screwed things up... The last time I accessed the files was around one week ago. Since then I've defragmented the affected disk, installed some updates and ran registry clean-up software. No other software was installed. I don't use System Restore, I use backup software and have a full backup (two months old) of the system disk. Today I ran a recovery of the system drive but nothing changed. The certificate still doesn't match the files' thumbprint. By the way, no one accessed this PC other than myself. If it matters, my PC is dual boot with Ubuntu.

    So my question is: what went wrong? Why did the thumbprint and the users who can transparently access the file get changed? To me it smells like corruption of something, but I'm no expert. From what I've read from other people, I'm pretty sure I can forget about my encrypted data (bank and logs stuff). I'd just like to know what happened here.

    Thanks in advance.

    Sunday, April 29, 2012 10:58 AM

All replies

  • I guess you do not have a backup.

    The EFS has basically failed and there is no way to recover.

    Next time do not use it.


  • Backups I got:

    1. System backup made with Acronis, two months old (where everything worked well)

    2. PFX certificate file (5 of them in different locations)

    3. Backup of the encrypted data from the second hard drive (where the original data is) on a USB hard drive, which is also encrypted, with the same key

    Nothing went wrong with the certificates inside the system or the system itself; something changed within the encrypted data so that the thumbprint and user changed inside the files themselves. The "EFS has basically failed" answer doesn't give any satisfaction at all. If I shouldn't use it then what's the point of it? It happened to me, it could happen to anyone, for no good reason.
    Sunday, April 29, 2012 4:35 PM