

This machine is disabled for file encryption.

Question

Monday, September 10, 2018 6:06 PM

System: Windows 10 Professional

Problem: We have discovered that some computers on our network have folders of user data that have become encrypted. I am unable to decrypt these folders to gain access to the data. I believe that some (but definitely not all) of these encryptions are the result of moving a MACOSX compressed folder to Windows.

Steps of failure:

1: See encrypted folder (Green).

2: Right click into properties. Select advanced.

3: 'Encrypt contents to secure data' is checkmarked, if I look at the 'Details' page, no users are under the 'Users who can access this file' group.

4: I uncheck the box and hit 'Ok', then 'Apply', then 'Apply changes to folder and subfolders'.

5: Error: An error occurred applying attributes to the file: "FILEPATH" This machine is disabled for file encryption.

Steps that I have tried:

-Removing the drive and attempting to decrypt from another computer.

-Attempting to access through a Linux boot

-I had the user that 'owned' the file try to access it (I'm a network admin). She was unsuccessful. She downloaded the data a few months ago and her OS has NOT been modified since then.

-BitLocker is not enabled

-The disable EFI registry entry is appropriately set

I'm out of ideas, there's no way we can archive the data as no one has the ability to view or copy the data short of duplicating drives. The only thing we can do is see filenames and delete the files.

Any help would be much appreciated!

All replies (4)

Monday, September 10, 2018 7:12 PM

That zipped files from a Mac are encrypted seems to be by design:
Why do .zip files from Mac OS show up as green/encrypted?
But the last comment sounds as if this was fixed since Windows 8.
So were the affected files really created by Windows 10?

"The disable EFI registry entry is appropriately set" so you set EfsConfiguration to 0?
I guess decryption is only possible when encryption is allowed.
Are you sure it is not disabled via group policy?

As the files can only be decrypted with the EFS key: that you cannot do it on your computer is to be expected.
What error does the user get?

I don't understand why you can't back up the files, even when they are encrypted.


Monday, September 10, 2018 11:23 PM

1: I recently discovered a set of data that was downloaded to a Windows 10 machine and was not moved elsewhere, unless you're referring to the original creation point, in that case I am unsure.

2: I did not have an EfsConfiguration DWORD, I now created one and set it to 0 to see what will happen. Previously I was changing the bit under NtfsDisableEncryption.

3: I've tested it on the user's computer with them logged in.

4: I can back them up because I am unable to cut or copy them anywhere. I can only delete them. I first noticed the problem when our ROBOCOPY scripts kept getting 'Access is denied' errors.


Tuesday, September 11, 2018 8:58 AM

Hi,

As you did, you should set EfsConfiguration DWORD to 0 to enable the EFS feature.

If the user that owned the file still can't decrypt it directly, the file encryption key will be needed.

Note:
If an administrator changes or resets the password of a user's local account on the PC, that local account will lose access to all their EFS encrypted files and folders until they restore the file encryption key for them.
It is highly recommended that you back up your file encryption key after encrypting files and folders to help avoid permanently losing access to your encrypted files and folders.
If you lose access to your encrypted files and folders, you will not be able to open them again unless you first restore the file encryption key for them.

Hope these could be helpful.



Friday, September 14, 2018 11:15 PM

Hello David,

I've already had to create the EfsConfig DWORD, that didn't fix the issue.

Also, I'm not sure if it matters concerning the encryption keys, but we don't use local accounts besides our root accounts which we rarely use. Everything is a network login through Active Directory.
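
The checks discussed in this thread can be gathered in one pass. The following PowerShell is an added example, not something posted by any participant: it reads the EfsConfiguration and NtfsDisableEncryption values (including the Group Policy location asked about above), then shows which certificates a sample file is encrypted to and which EFS certificates the logged-on user holds. The registry key locations are the standard Windows ones and are not given in the thread; `$SamplePath` is a hypothetical placeholder.

```powershell
# Added diagnostic example. Run elevated on the affected PC while the file's owner is logged on.
param(
    # Hypothetical placeholder: replace with the path of one green (EFS-encrypted) file.
    [string]$SamplePath = 'C:\Path\To\EncryptedFile'
)

# Values named in the thread. 1 disables EFS; 0 or "not set" leaves it enabled.
$checks = @(
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS'; Name = 'EfsConfiguration' }      # Group Policy
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS';          Name = 'EfsConfiguration' }      # local setting
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem';               Name = 'NtfsDisableEncryption' } # NTFS setting
)

$results = foreach ($c in $checks) {
    $value = $null
    if (Test-Path $c.Key) {
        # Returns $null when the value does not exist under the key.
        $value = (Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    }
    [pscustomobject]@{
        Key         = $c.Key
        Name        = $c.Name
        Value       = if ($null -eq $value) { '(not set)' } else { $value }
        DisablesEfs = ($value -eq 1)
    }
}
$results | Format-Table -AutoSize -Wrap

# Effective NTFS encryption setting as the file system reports it.
fsutil behavior query disableencryption

# Users and recovery agents able to decrypt the file, with certificate thumbprints.
if (Test-Path -LiteralPath $SamplePath) {
    cipher /c $SamplePath
} else {
    Write-Warning "Sample path not found: $SamplePath"
}

# EFS certificates in the current user's store (EKU OID 1.3.6.1.4.1.311.10.3.4).
# Decryption needs a thumbprint listed by cipher /c to appear here with HasPrivateKey = True.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.4.1.311.10.3.4' } |
    Select-Object Subject, Thumbprint, HasPrivateKey, NotAfter |
    Format-Table -AutoSize
```

If `cipher /c` lists a thumbprint that is absent from the user's store, the file was encrypted to a key that is not in this profile, and enabling EFS alone will not make it readable.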