Lose ability to decrypt EFS files after reboot

Giganews Newsgroups
Subject: Lose ability to decrypt EFS files after reboot
Posted by:  Gary Flynn (flynn…@jmu.edu)
Date: Tue, 27 Feb 2007

We've been wrestling with a problem computer for a few
days now and were hoping these symptoms ring a bell with
someone.

After a reboot, when we attempt to read files in a directory
with the encryption property set, the data does not appear
to be decrypted. That is, we see junk where we should see
simple ASCII text.

Everything works fine until the computer is rebooted. It
works fine after logouts and logins. After a reboot, none
of the accounts formerly able to access the file, including
manually added certs and the recovery agent, are able to read
anything but garbage from the file. We create a new account
and encrypt files and it works fine until the computer
is rebooted again.

This is true of local or domain accounts. When the problem
first appeared, the computer was not joined to a domain.

All EFS certs are of the automatically generated, self-signed
type.

The computer is a new Vista computer.

All the account certs and thumbprints appear unchanged before
and after the reboot.

I suspect the problem would go away if we rebuilt the
computer but as we're familiarizing ourselves with EFS
before a wider roll-out, I'd really like to define
the problem and what caused it in case we run into it again.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Replies