This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Wrong Data EFS using System Account after A Few Reboots

Question
0

Sign in to vote

Hi all,

I have a few files protected with EFS, and can only be accessed by the System Account (I have a service also running with System Account that it is supposed to be the only one that can access to these files)

The problem is that, after a few reboots, the data from these files seems corrupted (files are filled with binary data)

My service is configured with start = Auto. I have checked that if I set my service as start = Manual, and I start the service manually, the files are restored with valid data.

I have tried the approach of using start = Auto(Delayed), and it seems to be working fine if I set a delay time up to 30 seconds... which I would not like because I need a good start up performance.

Also I have tried to add the dependency of my service with EFS service, and it did not work either...

Is there any chance that Windows OS needs time for fulfill some unknown condition in order to access to a file content protected with EFS?

Friday, February 17, 2017 9:05 AM

All replies

0

Sign in to vote

Hello Fulanito,

Based on the scenario, it seems that some services EFS dependent with are started later than EFS.

If you set start=Auto, can the files be restored after waiting for a long time, and what's the OS version?

To give a further investigation, I would recommend to open the debug log for EFS, and then analyze the logs.

More information about enabling debug log for EFS, please refer to the following guidance.

https://blogs.technet.microsoft.com/dubaisec/2016/09/30/efs-element-not-found-error/

Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, February 20, 2017 9:26 AM