Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Trouble with EFS. Access suddenly denied.

11 views
Skip to first unread message

Ed

unread,
Oct 4, 2007, 8:52:29 AM10/4/07
to
I'm a developer, but pretty much an "end user" when it comes to
working with EFS and certificates. I've just started having some
problems with EFS and I'm having trouble finding some "how to" info on
using EFS and managing certificates that's tailored to an end user and
not to network admins, etc. and would appreciate some guidance.

Running Windows XP Pro SP 2.
I have an external HD formatted w/ NTFS that I configured to use EFS.
Originally encrypted this with old laptop (and have a backup copy of
the original EFS certificate).

When I got my new laptop (in Jan 2007) I used the certificate manager
(under IE properties/Content/Certificates) to remove the existing
certificate and import the EFS certificate that I had exported from my
old machine. This all seemed to go smoothly at the time (I was able to
access the external HD and read/write to/from it).

I've used it successfully since then (I have folders/files I've copied
to it up to 08/29/2007). I know this is really going to sound like an
end user, but "I haven't changed anything" or modified the EFS
certificate since then...today I attempted to copy some files to this
drive and got an "Access Denied" error. I then attempted to simply
create a new folder and got the error "Unable to create the folder
'New Folder' - Access is denied."

I'm sure that the certificate is the same one I imported from my old
laptop and hasn't expired since it's valid from "3/23/2006 to
2/27/2106" (first date is prior to purchase of my new laptop so I know
it came from the old one; and obviously the 2nd date is far from now).

I just did some more testing and now I'm even more confused!
I can copy a file from EFS to another location.
I can edit a file in the EFS and save the changes (text file).
I cannot add new files or folders.

What is going on? The drive is not out of space (36gb free).

In addition, I would like to know more about how to manage multiple
certificates. How to compare them (to determine which one is
installed, etc.)? If I have multiple (one for home and one for work)
can I merge them or do I have to manage multiple? Can I install
(import) multiple EFS certificates...if so, how do I specify which one
I want to use when encrypting a specific location?

Thanks!

Ed

unread,
Oct 4, 2007, 11:11:48 AM10/4/07
to
Update:

Still have the same problem but have more info.

I created a new folder (at the root of the drive which is not EFS
encrypted...only a few of the drive's subfolders are EFS). When I went
into the folder's advanced properties and selected "Encrypt contents
to secure data" and clicked "Apply" I got the following error:

Title: "Error Applying Attributes"
Text: "An error occurred applying attributes to the file: F:\EFS_Test
Recovery policy configured for this system contains invalid recovery
certificate." w/ options to Ingore, Ignore All, Retry, and Cancel...I
cancelled.

Any help would be appreciated.

Brian Komar

unread,
Oct 4, 2007, 11:53:04 AM10/4/07
to
The EFS recovery agent certificate has expired.
YOu need to modify the certificate in the Default Domain policy to a valid
certificate
Brian

"Ed" <emcin...@yahoo.com> wrote in message
news:1191510708.9...@n39g2000hsh.googlegroups.com...

0 new messages