encryption & decryption access denied error

D

denrecnoc

Here's a problem, perhaps someone here in the forum might have knowledge of or links to relevant information.

While trying to encrypt or decrypt files and folders an Access Denied error is produced.

However, if files and folders, previously encrypted, are copied to a FAT partition the files and folders are decrypted.

I have tried resetting effective permissions for Users, Groups and Security Principals, from the Administrator account and the original user Admin account without any success.

The problem occurs while trying to encrypt or decrypt from the Windows Explorer as well as Cipher.exe.
 
Members of the Administrators group cannot decrypt files unless the person who encrypted the files designated them as recovery agents before encrypting the files.
Click to expand...

http://support.microsoft.com/kb/308993

the quote is from the link above, since you are familiar with microsoft support knowledge base, have you seen this already??

are you the user who encrypted the files originally??

================

If I remember correctly another way you can try to do this is to gain access to a system with a FAT Partition. You can do this with another usb harddrive with FAT partitioning, creating a partition on one of your existing harddrives formated as FAT, or if you have Windows 95/98 laying around on a Desktop. Copying Encrypted files off of an NTFS partition to a FAT partition will remove any encryption. Then you can copy them back to your XP system and re-encrypt them as needed.
Click to expand...

from here
 
Elizabeth23 said:
http://support.microsoft.com/kb/308993

the quote is from the link above, since you are familiar with microsoft support knowledge base, have you seen this already??

are you the user who encrypted the files originally??

================



from here
Click to expand...

The primary problem is with encryption and secondarily decryption.

Logged on as the original administrator's user account that the files and folder were encrypted no files and folders can be encrypted or decrypted. However, using the original keys, encrypted files can be decrypted by copying to a fat partition.

I have read various articles including the one you have a link to.

New keys were created in case the old keys somehow became corrupted, but this did not solve the current problem. When a user creates new keys, past encrypted files can no longer be accessed unless a Recovery Agent was created using the old keys.

Recovering old encrypted files is not what I am trying to accomplish.

In order to decrypt files, encryption needs to be first working, so there are no access denied errors during encryption.
 
Disregard any comments from the previous post about encryption keys ... new encryption keys can be made for the current user running cipher using the /k switch.

The user should still have access previously encrypted files created from the old keys. I am still looking into this. The last time I used cipher.exe was years ago, my memory is still a bit hazy on some of the details.

Here is an article explaining some of the uses for cipher.exe and what things it is able to do that can't be done from the GUI.

http://www.techrepublic.com/article/use-cipherexe-for-command-line-encryption/
 
I forgot to mention in my original post.

Possibly the file access error is related to DEP. (Data Execution Prevention) ?

Another problem the OS is having.

No matter how DEP is configured, either through the control panel > system or editing the boot.ini file. DEP defaults to.

DataExecutionPrevention_Available = TRUE

DataExecutionPrevention_SupportPolicy = 2

I have tried reconfiguring dep by editing the boot.ini file, each time DEP defaults to the above settings.

http://support.microsoft.com/kb/912923/en-us

http://support.microsoft.com/kb/875352

http://support.microsoft.com/kb/833721

http://msdn.microsoft.com/en-us/library/windows/hardware/ff542248(v=vs.85).aspx
 
You must log in or register to reply here.
Back
Top