|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
Thread Tools | Display Modes |
|
#37
December 20th 03, 11:28 PM
|
|||
|
|||
How to get full access to all contents?
Should I rename my computer to ME? Will I retain access to domain resources?
"Roger Abell" wrote in message ... While logged in as an admin schedule a cmd prompt to open in a couole minutes using task scheduler. When the cmd prompt opens, it is running as System (which is the local identity known to the domain as machinename$). There is no way I know of to actually log in as that account, as you do not know the password. -- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Dmitriy Kopnichev" wrote in message ... Importing the saved key didn't help. How to logon to the "ME$(ME$@workgroup)" account? "Roger Abell" wrote in message ... NG list trimmed to security_admin Have you yet tried importing the key that was saved into an account ? When doing this, it will give you the option to have it prompt you whenerver it is used, or to just do it. You must select for it to just do it without prompting. Account names like ME$ are usually the machine account that represents the machine as a member in the domain. -- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Dmitriy Kopnichev" wrote in message ... I haven't removed any account. Isn't the "ME$(ME$@workgroup)" a user account? I used not the cipher, but "Encryption Details for" the file window in "Advanced Attributes" of the file window. I saved a Private key to a .pfx file before I was joined the domain and my computer was renamed by the domain administrators. "Roger Abell" wrote in message ... You may own the machine and the files may be yours, but if it is encrypted and you cannot prove to the system that you are supposed to be able to decrypt it then it will not let you. The only way to prove that you are supposed to be able to access the EFS encrypted file is to use an account that has loaded into it the decryption key that corresponds to the certificate that was used to encrypt the file. When you renamed the machine, apparently starting down the road of denied access, something seems to have removed that capability. When you used cipher to look at the file it said that there was no user account allowed to decrypt it, instead indicating the machine was allowed to decrypt it. That, assuming you have reported accurately what you saw, is something with which I am unfamiliar, either as to why it got that way or how to get out of that situation. -- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Dmitriy Kopnichev" wrote in message ... This is my file. I'm the only computer owner. "Roger Abell" wrote in message ... code 5 is probably access failure in this case since you do not have EFS capability to decrypt you are not allowed to modify who can decrypt -- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Dmitriy Kopnichev" wrote in message ... I tried to add myself and/or another user to "Users Who Can Transparently Access this File" and got an error "ERSADU Error in adding new user(s). Error code 5." "Roger Abell" wrote in message ... When you look at the file's properties Security dialog is anything checked for any group in the Deny column ? You must highlight each group listed one at a time and then look at what is Granted/Denied. An account that is only in Administrators group is actually also in other things to which there can be NTFS Grants/Denies, like Authenticated Users, Network, Interactive, Everyone. . . . Not having EFS authorization appears as if it is a NTFS permissions denial. You should use the cipher commandline utility to examine the thumbprint info of the file to see what accounts are allowed to decrypt it. -- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Dmitriy Kopnichev" wrote in message ... How to become sure that there is no Deny for any group. The file is EFS protected. But I can open other EFS protected files. "Roger Abell" wrote in message ... This means that you have full control and it is inherited from some higher directory. Are you sure that there is no Deny for some group, and if there is make sure your account is not a member of the group. Deny overrides a Grant. -- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Dmitriy Kopnichev" wrote in message ... I'm the Owner of the file and have full access, but the "Effective permissions" are all checked and grayed for me. "Kelly" wrote in message ... Without knowing more, see if this helps: EXE and LNK Fix for Windows XP - Line 12 http://www.kellys-korner-xp.com/xp_tweaks.htm To use the Regedit: Save the REG File to your hard disk. Double click it and answer yes to the import prompt. REG files can be viewed in Notepad by right clicking on the file and selecting Edit. -- All the Best, Kelly MS-MVP Win98/XP [AE-Windows® XP] Troubleshooting Windows XP http://www.kellys-korner-xp.com Top 10 Frequently Asked Questions and Answers http://www.kellys-korner-xp.com/top10faqs.htm "Dmitriy Kopnichev" wrote in message ... Hello I get "Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item." when I double-click a file. I'm the only owner of the computer. How to get full access to all contents? 
|
| Thread Tools | |
| Display Modes | |
|
|
Threaded Mode