Results 1 to 6 of 6

Thread: Vista File Permission Dilemma

Hybrid View

  1. #1
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683

    Vista File Permission Dilemma

    Hi all,

    I have 2 HDD which one is used for my OS and one for data. I was using Vista business X64 but decided to put on XP Pro. However after reformatting my OS HDD and putting on XP half my files are now hitting with me with "access denied. It is obviously looking for my Vista user account and will only let you open the folder / run the file. I have rebooted into safe mode and set myself as the owner and given all permissions. I am an admin on the machine as well.
    Anyknow how I can get around this or do I have to use datarecovery , ghost the drive and then set the permissions. I have attached a screenshot of the encryption that is on a particular file which is then asking about certificates.

    If anyone has any suggestions, thanks in advance.
    Last edited by Cider; October 25th, 2010 at 01:25 PM.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    Did you make a backup of your EFS certificate? If you did then all you should need is a Vista machine. Here is a tutorial on what to do:

    http://www.vistax64.com/tutorials/99...e-restore.html

    You would need to do this on either another machine or on the same machine if you reinstalled Vista without decrypting your encrypted files first. It is worth bearing that in mind folks, as the situation may arise where you have to recover data from a drive that you have slaved to another Vista box, where the certificates will be different

    I believe that Vista creates a new certificate each time you install it, but I don't use EFS and I only have the Home Premium edition so I could be wrong? Obviously the new or different certificate won't unlock files that have been encrypted using the original certificate.

    There is a commercial product that is supposed to fix this:

    http://www.elcomsoft.com/aefsdr.html

    It is rather expensive, so I would only consider it myself if I expected to have a reasonable number of clients with this problem.

    Otherwise you could try this gross hack...........it might work? (I think that you will need a Vista machine)

    1. Make a backup of your files first
    2. Create a New Folder on the desktop. (not encrypted)
    3. Move all the encrypted files into the New Folder.
    4. Right click on the New Folder and click "Send To" -> "Compressed (zipped) Folder". (on desktop)
    5. Right click on the New Compressed Folder and "Extract" the New Folder.
    6. Click "Yes" to the do you want to replace the old New Folder.
    7. The files should not be encrypted now.

    WARNING! I have not tried that one myself, so do make sure that you have a backup

    Good Luck!
    Last edited by nihil; January 11th, 2009 at 11:03 AM.

  3. #3
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    1. Make a backup of your files first
    2. Create a New Folder on the desktop. (not encrypted)
    3. Move all the encrypted files into the New Folder.
    4. Right click on the New Folder and click "Send To" -> "Compressed (zipped) Folder". (on desktop)
    5. Right click on the New Compressed Folder and "Extract" the New Folder.
    6. Click "Yes" to the do you want to replace the old New Folder.
    7. The files should not be encrypted now.
    Hey Nihil,

    I couldnt copy a file to test this out from my HDD to the desktop. Dont know why , maybe because the OS is on a different HDD. If I try and follow your instructions where the file is setting I get a no read permission error.

    I havent tried this in safe mode yet but I will later.

    I didnt make a backup of my EFS certificate and I have XP Pro on now not vista. If it doesnt work in safe mode then I dont know because all my music is now flagged as encrypted :/
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I think that you will need to slave it to a Vista box or reinstall Vista on that box.

    Pain in the butt I know, but I can't think of anything better

    I haven't looked to see if there is any other software out there............from what I have heard EFS isn't that secure?

  5. #5
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    from what I have heard EFS isn't that secure
    - So secure I cant even get my own data

    If I plug this into a linux box will I be able to do it there just out of interest? I've got Vista machines at work where I can do this.

    Why doesnt M$ release a fix or update for this, IMHO its really crappy.

    Anyway, shot for the help.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I guess that you will have to do some research on that. I guess it all depends.

    Try the trial of that commercial software:

    http://www.crackpassword.com/products/prs/mswin/efs/

    and see if it tells you it can recover your data. If it can't, I would say that you won't be able to crack it either.

    What you might try is a data recovery tool and see what you can restore from the previous Windows install. This is what is claimed:

    Advanced EFS Data Recovery is a powerful data recovery tool that helps recovering the encrypted files under various circumstances.

    • EFS-protected disk inserted into a different PC
    • Deleted users or user profiles
    • User transferred into a different domain without EFS consideration
    • Account password reset performed by system administrator without EFS consideration
    • Damaged disk, corrupted file system, unbootable operating system
    • Reinstalled Windows or computer upgrades
    • Formatted system partitions with encrypted files left on another disk
    Another possibility lies with how Efs works. It copies stuff into (hidden?) temporary files before encryption, although I am not sure about the Vista version.

    It doesn't erase the files AFAIK but marks them as deleted. You might be able to recover the unencrypted files. The files you are looking for are Efs0.tmp

    If you have overwritten the required files you have lost your data. I do not believe that it is possible to break the encryption by brute forcing within a realistic timescale.

    EDIT:


    You might look at this. Not sure if it applies to Vista though:

    http://www.beginningtoseethelight.org/efsrecovery/
    Last edited by nihil; January 11th, 2009 at 10:46 PM.

Similar Threads

  1. Finding Rogue SMB File Shares On Your Network
    By Irongeek in forum The Security Tutorials Forum
    Replies: 0
    Last Post: September 2nd, 2005, 05:23 PM
  2. Basic Unix security tutorial
    By \/IP3R in forum AntiOnline's General Chit Chat
    Replies: 16
    Last Post: March 7th, 2005, 10:25 PM
  3. executable files
    By rcgreen in forum The Security Tutorials Forum
    Replies: 1
    Last Post: October 4th, 2002, 05:07 AM
  4. Black Wolf's Guide to Memory Resident Viruses.
    By ahmedmamuda in forum AntiVirus Discussions
    Replies: 2
    Last Post: March 20th, 2002, 02:03 AM
  5. Batch File Tut
    By Badassatchu in forum Non-Security Archives
    Replies: 1
    Last Post: November 23rd, 2001, 11:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •