XP Pro SP2 Encryption not working

  • Thread starter Thread starter tedoniman
  • Start date Start date
T

tedoniman

29-Jul-07

XP Not encrypting my folders and files...
-----------------------------------------

New system, Win XP Pro SP2, 1 GB RAM, all NTFS partitions (no FAT32 format
option available during install).

(1) Encryption Problem.

Not sure if I understand the new terminology but thot that "encrypt" meant

"Convert ordinary language into code" so no one can read it until decrypted.

Well, that's not the case here. When I do my thing, all I get is a font
change
to green for the folder and file names, so on. When I tick and Apply,
"Details"

remains shaded/inactive. There are no compressed files. The folder is in C:\.

I did see the dynamic file transfer pop-up an things hopping from left to
right but after all that, everything in those "encrypted" folders is still
accessible as usual in my account (which, by the way, was not
password-protected
- but is now).

I subsequently placed a test folder under my account in "Documents and
Settings"
and followed same procedure. It had one file. I did not see the file-transfer
pop-up this time and results were same. I can still access the folder and
file
at anytime without going thru any decryption procedure.

Perhaps I just don't understand what MS means by "encryption" in the context
of this OS. Am new to this issue.

The info on the subject given in Help seems rather skimpy and doesn't really
put

any light on the subject for me. There is no meat in there. So I don't really
know what's going on or what I may be doing wrong.

Can any one clear this up for me please?


(2) Notepad Memory Problem.

This has been bugging me for a long time, since the last XP computer I worked
on. It looks like this is a standard bug or intentional. Whenever a
Notepad.txt
file reaches around 50 KB, a warning message pops up about 'not enuf mem to
complete the operation' yet the file does open ok once I x out the message. I
got 1 GB RAM in here and not many aps installed yet. It's annoying. Is there
a
registry fix for this?

Thanx in advance,


--
Ted...
 
1) This is the way EFS (encrypting file system) is supposed to behave.

The first time you encrypt a file, your computer will try to find a CA
(certificate authority) from which to enroll an EFS certificate. If there is
no CA (which I'm guessing is your case), then your computer will generate
its own EFS certificate. For each file you encrypt, your computer will
generate a unique FEK (file encryption key) and use this to encrypt the
file. Then the FEK is encrypted with the private key corresponding to your
EFS certificate. This blob is bound to the file, and then the file is saved
to the hard drive.

When you log in using the same account you used to encrypt files, EFS
transparently decrypts files as you access them. That's why you're seeing
the behavior--you can continue to work with your encrypted files without
having to go through a manual decryption step. But to all other user
accounts on the system, your files will always appear encrypted--and
therefore useless if someone copies them.

Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley


"tedoniman" <tedoniman@discussions.microsoft.com> wrote in message
news:A1952FA7-21C2-44C7-82A3-1C0BBC1BFECB@microsoft.com...
> 29-Jul-07
>
> XP Not encrypting my folders and files...
> -----------------------------------------
>
> New system, Win XP Pro SP2, 1 GB RAM, all NTFS partitions (no FAT32 format
> option available during install).
>
> (1) Encryption Problem.
>
> Not sure if I understand the new terminology but thot that "encrypt"
> meant
>
> "Convert ordinary language into code" so no one can read it until
> decrypted.
>
> Well, that's not the case here. When I do my thing, all I get is a font
> change
> to green for the folder and file names, so on. When I tick and Apply,
> "Details"
>
> remains shaded/inactive. There are no compressed files. The folder is in
> C:\.
>
> I did see the dynamic file transfer pop-up an things hopping from left to
> right but after all that, everything in those "encrypted" folders is
> still
> accessible as usual in my account (which, by the way, was not
> password-protected
> - but is now).
>
> I subsequently placed a test folder under my account in "Documents and
> Settings"
> and followed same procedure. It had one file. I did not see the
> file-transfer
> pop-up this time and results were same. I can still access the folder and
> file
> at anytime without going thru any decryption procedure.
>
> Perhaps I just don't understand what MS means by "encryption" in the
> context
> of this OS. Am new to this issue.
>
> The info on the subject given in Help seems rather skimpy and doesn't
> really
> put
>
> any light on the subject for me. There is no meat in there. So I don't
> really
> know what's going on or what I may be doing wrong.
>
> Can any one clear this up for me please?
>
>
> (2) Notepad Memory Problem.
>
> This has been bugging me for a long time, since the last XP computer I
> worked
> on. It looks like this is a standard bug or intentional. Whenever a
> Notepad.txt
> file reaches around 50 KB, a warning message pops up about 'not enuf mem
> to
> complete the operation' yet the file does open ok once I x out the
> message. I
> got 1 GB RAM in here and not many aps installed yet. It's annoying. Is
> there
> a
> registry fix for this?
>
> Thanx in advance,
>
>
> --
> Ted...
 
tedoniman wrote:
> 29-Jul-07
>
> XP Not encrypting my folders and files...
> -----------------------------------------
>
> New system, Win XP Pro SP2, 1 GB RAM, all NTFS partitions (no FAT32
> format option available during install).
>
> (1) Encryption Problem.
>
> Not sure if I understand the new terminology but thot that "encrypt"
> meant
>
> "Convert ordinary language into code" so no one can read it until
> decrypted.
>
> Well, that's not the case here. When I do my thing, all I get is a
> font change
> to green for the folder and file names, so on. When I tick and Apply,
> "Details"
>
> remains shaded/inactive. There are no compressed files. The folder is
> in C:\.
>
> I did see the dynamic file transfer pop-up an things hopping from
> left to right but after all that, everything in those "encrypted"
> folders is still accessible as usual in my account (which, by the
> way, was not password-protected
> - but is now).
>
> I subsequently placed a test folder under my account in "Documents and
> Settings"
> and followed same procedure. It had one file. I did not see the
> file-transfer pop-up this time and results were same. I can still
> access the folder and file
> at anytime without going thru any decryption procedure.
>
> Perhaps I just don't understand what MS means by "encryption" in the
> context of this OS. Am new to this issue.
>
> The info on the subject given in Help seems rather skimpy and doesn't
> really put
>
> any light on the subject for me. There is no meat in there. So I
> don't really know what's going on or what I may be doing wrong.
>
> Can any one clear this up for me please?

Before you go any further, read the material at the following links. The
incorrect use of EFS could cause you to loose ALL encrypted data.

The Encrypting File System
http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx

Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316/en-us

How to back up the recovery agent Encrypting File System (EFS) private key
in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/kb/241201

How To Encrypt a Folder in Windows XP
http://support.microsoft.com/?id=308989

How To Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993

How To Encrypt a File in Windows XP
http://support.microsoft.com/?id=307877

HOW TO: Share Access to an Encrypted File in Windows XP
http://support.microsoft.com/?id=308991

>
>
> (2) Notepad Memory Problem.
>
> This has been bugging me for a long time, since the last XP computer
> I worked on. It looks like this is a standard bug or intentional.
> Whenever a Notepad.txt
> file reaches around 50 KB, a warning message pops up about 'not enuf
> mem to complete the operation' yet the file does open ok once I x out
> the message. I got 1 GB RAM in here and not many aps installed yet.
> It's annoying. Is there a
> registry fix for this?
>
> Thanx in advance,
 
In the future you might find it convenient to post one topic with
the subject indicating the post content, rather than two unrelated
questions which, as here, may not belong in the same newsgroup.

Try settings the NTFS permissions on one of those EFS encrypted
files so that some other account has Full Control at NTFS level.
Then log into that account a try to access the encrypted file.
You will get an access denied message. If that account attempts
at lower-level to read the bits from disk it will just get AES
encrypted bits.

EFS is supposed to be transparent to the allowed account.

The color shading you noticed is an optional setting in how
Explorer displays items that are EFS encrypted.

The return of the checkbox on the folder to its inital gray
appearance, after you had used it to set the folder to encrypt
contained files, is normal. That checkbox, like the Read-Only
box, on folders is not an indicator of state but is a switch to
use to set encryption, or read-only, on/off on the contained
files. Being EFS encrypted (or being read-only) is (are) not
actually properties of the folder but of the contained files.

Roger

"tedoniman" <tedoniman@discussions.microsoft.com> wrote in message
news:A1952FA7-21C2-44C7-82A3-1C0BBC1BFECB@microsoft.com...
> 29-Jul-07
>
> XP Not encrypting my folders and files...
> -----------------------------------------
>
> New system, Win XP Pro SP2, 1 GB RAM, all NTFS partitions (no FAT32 format
> option available during install).
>
> (1) Encryption Problem.
>
> Not sure if I understand the new terminology but thot that "encrypt"
> meant
>
> "Convert ordinary language into code" so no one can read it until
> decrypted.
>
> Well, that's not the case here. When I do my thing, all I get is a font
> change
> to green for the folder and file names, so on. When I tick and Apply,
> "Details"
>
> remains shaded/inactive. There are no compressed files. The folder is in
> C:\.
>
> I did see the dynamic file transfer pop-up an things hopping from left to
> right but after all that, everything in those "encrypted" folders is
> still
> accessible as usual in my account (which, by the way, was not
> password-protected
> - but is now).
>
> I subsequently placed a test folder under my account in "Documents and
> Settings"
> and followed same procedure. It had one file. I did not see the
> file-transfer
> pop-up this time and results were same. I can still access the folder and
> file
> at anytime without going thru any decryption procedure.
>
> Perhaps I just don't understand what MS means by "encryption" in the
> context
> of this OS. Am new to this issue.
>
> The info on the subject given in Help seems rather skimpy and doesn't
> really
> put
>
> any light on the subject for me. There is no meat in there. So I don't
> really
> know what's going on or what I may be doing wrong.
>
> Can any one clear this up for me please?
>
>
> (2) Notepad Memory Problem.
>
> This has been bugging me for a long time, since the last XP computer I
> worked
> on. It looks like this is a standard bug or intentional. Whenever a
> Notepad.txt
> file reaches around 50 KB, a warning message pops up about 'not enuf mem
> to
> complete the operation' yet the file does open ok once I x out the
> message. I
> got 1 GB RAM in here and not many aps installed yet. It's annoying. Is
> there
> a
> registry fix for this?
>
> Thanx in advance,
>
>
> --
> Ted...
 
Re: XP Pro SP2 Encryption not working
11 Sept., 2007 (17:26 local)

Thanx to Steve Riley, Greenie LeBrun and Roger Abell for the 3 distinct and
very
informative replies. That about covers it. I will send this same reply to all.

Sori for late reply. No line yet here and I got R Arthritis so bad I can't
go out to
Cybercafe. Just now lucky. Good weather. Got a wifi connection again and
will try
few times if necessary to reply.

OK. I understand a lot better now and I'll try follow up those links.

Sorry abt the Notepad thing. I think at the time I had, like now, a fluke
wifi
connection and tried to squeeze in as much as possible. The connection
usually
lasts only 15 min's but today it's been holding for a while. We'll see.

For anyone interested, the Notepad error occurs only when (1) text file size
exceeds abt 30K and (2) when the ".LOG" function is enabled (auto date/time
insert). There is no error when (2) is not at top of file.

Thanks again,

--
Ted...


"Steve Riley [MSFT]" wrote:

> 1) This is the way EFS (encrypting file system) is supposed to behave.
>
> The first time you encrypt a file, your computer will try to find a CA
> (certificate authority) from which to enroll an EFS certificate. If there is
> no CA (which I'm guessing is your case), then your computer will generate
> its own EFS certificate. For each file you encrypt, your computer will
> generate a unique FEK (file encryption key) and use this to encrypt the
> file. Then the FEK is encrypted with the private key corresponding to your
> EFS certificate. This blob is bound to the file, and then the file is saved
> to the hard drive.
>
> When you log in using the same account you used to encrypt files, EFS
> transparently decrypts files as you access them. That's why you're seeing
> the behavior--you can continue to work with your encrypted files without
> having to go through a manual decryption step. But to all other user
> accounts on the system, your files will always appear encrypted--and
> therefore useless if someone copies them.
>
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
>
>
> "tedoniman" <tedoniman@discussions.microsoft.com> wrote in message
> news:A1952FA7-21C2-44C7-82A3-1C0BBC1BFECB@microsoft.com...
> > 29-Jul-07
> >
> > XP Not encrypting my folders and files...
> > -----------------------------------------
> >
> > New system, Win XP Pro SP2, 1 GB RAM, all NTFS partitions (no FAT32 format
> > option available during install).
> >
> > (1) Encryption Problem.
> >
> > Not sure if I understand the new terminology but thot that "encrypt"
> > meant
> >
> > "Convert ordinary language into code" so no one can read it until
> > decrypted.
> >
> > Well, that's not the case here. When I do my thing, all I get is a font
> > change
> > to green for the folder and file names, so on. When I tick and Apply,
> > "Details"
> >
> > remains shaded/inactive. There are no compressed files. The folder is in
> > C:\.
> >
> > I did see the dynamic file transfer pop-up an things hopping from left to
> > right but after all that, everything in those "encrypted" folders is
> > still
> > accessible as usual in my account (which, by the way, was not
> > password-protected
> > - but is now).
> >
> > I subsequently placed a test folder under my account in "Documents and
> > Settings"
> > and followed same procedure. It had one file. I did not see the
> > file-transfer
> > pop-up this time and results were same. I can still access the folder and
> > file
> > at anytime without going thru any decryption procedure.
> >
> > Perhaps I just don't understand what MS means by "encryption" in the
> > context
> > of this OS. Am new to this issue.
> >
> > The info on the subject given in Help seems rather skimpy and doesn't
> > really
> > put
> >
> > any light on the subject for me. There is no meat in there. So I don't
> > really
> > know what's going on or what I may be doing wrong.
> >
> > Can any one clear this up for me please?
> >
> >
> > (2) Notepad Memory Problem.
> >
> > This has been bugging me for a long time, since the last XP computer I
> > worked
> > on. It looks like this is a standard bug or intentional. Whenever a
> > Notepad.txt
> > file reaches around 50 KB, a warning message pops up about 'not enuf mem
> > to
> > complete the operation' yet the file does open ok once I x out the
> > message. I
> > got 1 GB RAM in here and not many aps installed yet. It's annoying. Is
> > there
> > a
> > registry fix for this?
> >
> > Thanx in advance,
> >
> >
> > --
> > Ted...
>
 
Re: XP Pro SP2 Encryption not working
11 Sept., 2007 (17:26 local)

Thanx to Steve Riley, Greenie LeBrun and Roger Abell for the 3 distinct and
very
informative replies. That about covers it. I will send this same reply to all.

Sori for late reply. No line yet here and I got R Arthritis so bad I can't
go out

to
Cybercafe. Just now lucky. Good weather. Got a wifi connection again and
will try
few times if necessary to reply.

OK. I understand a lot better now and I'll try follow up those links.

Sorry abt the Notepad thing. I think at the time I had, like now, a fluke
wifi
connection and tried to squeeze in as much as possible. The connection
usually
lasts only 15 min's but today it's been holding for a while. We'll see.

For anyone interested, the Notepad error occurs only when (1) text file size
exceeds abt 30K and (2) when the ".LOG" function is enabled (auto date/time
insert). There is no error when (2) is not at top of file.

Thanks again,


--
Ted...


"GreenieLeBrun" wrote:

>
>
> tedoniman wrote:
> > 29-Jul-07
> >
> > XP Not encrypting my folders and files...
> > -----------------------------------------
> >
> > New system, Win XP Pro SP2, 1 GB RAM, all NTFS partitions (no FAT32
> > format option available during install).
> >
> > (1) Encryption Problem.
> >
> > Not sure if I understand the new terminology but thot that "encrypt"
> > meant
> >
> > "Convert ordinary language into code" so no one can read it until
> > decrypted.
> >
> > Well, that's not the case here. When I do my thing, all I get is a
> > font change
> > to green for the folder and file names, so on. When I tick and Apply,
> > "Details"
> >
> > remains shaded/inactive. There are no compressed files. The folder is
> > in C:\.
> >
> > I did see the dynamic file transfer pop-up an things hopping from
> > left to right but after all that, everything in those "encrypted"
> > folders is still accessible as usual in my account (which, by the
> > way, was not password-protected
> > - but is now).
> >
> > I subsequently placed a test folder under my account in "Documents and
> > Settings"
> > and followed same procedure. It had one file. I did not see the
> > file-transfer pop-up this time and results were same. I can still
> > access the folder and file
> > at anytime without going thru any decryption procedure.
> >
> > Perhaps I just don't understand what MS means by "encryption" in the
> > context of this OS. Am new to this issue.
> >
> > The info on the subject given in Help seems rather skimpy and doesn't
> > really put
> >
> > any light on the subject for me. There is no meat in there. So I
> > don't really know what's going on or what I may be doing wrong.
> >
> > Can any one clear this up for me please?
>
> Before you go any further, read the material at the following links. The
> incorrect use of EFS could cause you to loose ALL encrypted data.
>
> The Encrypting File System
> http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx
>
> Best practices for the Encrypting File System
> http://support.microsoft.com/kb/223316/en-us
>
> How to back up the recovery agent Encrypting File System (EFS) private key
> in Windows Server 2003, in Windows 2000, and in Windows XP
> http://support.microsoft.com/kb/241201
>
> How To Encrypt a Folder in Windows XP
> http://support.microsoft.com/?id=308989
>
> How To Remove File Encryption in Windows XP
> http://support.microsoft.com/?id=308993
>
> How To Encrypt a File in Windows XP
> http://support.microsoft.com/?id=307877
>
> HOW TO: Share Access to an Encrypted File in Windows XP
> http://support.microsoft.com/?id=308991
>
> >
> >
> > (2) Notepad Memory Problem.
> >
> > This has been bugging me for a long time, since the last XP computer
> > I worked on. It looks like this is a standard bug or intentional.
> > Whenever a Notepad.txt
> > file reaches around 50 KB, a warning message pops up about 'not enuf
> > mem to complete the operation' yet the file does open ok once I x out
> > the message. I got 1 GB RAM in here and not many aps installed yet.
> > It's annoying. Is there a
> > registry fix for this?
> >
> > Thanx in advance,
>
>
>
 
Re: XP Pro SP2 Encryption not working
11 Sept., 2007 (17:26 local)

Thanx to Steve Riley, Greenie LeBrun and Roger Abell for the 3 distinct and
very
informative replies. That about covers it. I will send this same reply to all.

Sori for late reply. No line yet here and I got R Arthritis so bad I can't
go out

to
Cybercafe. Just now lucky. Good weather. Got a wifi connection again and
will try
few times if necessary to reply.

OK. I understand a lot better now and I'll try follow up those links.

Sorry abt the Notepad thing. I think at the time I had, like now, a fluke
wifi
connection and tried to squeeze in as much as possible. The connection
usually
lasts only 15 min's but today it's been holding for a while. We'll see.

For anyone interested, the Notepad error occurs only when (1) text file size
exceeds abt 30K and (2) when the ".LOG" function is enabled (auto date/time
insert). There is no error when (2) is not at top of file.

Thanks again,

--
Ted...


"Roger Abell [MVP]" wrote:

> In the future you might find it convenient to post one topic with
> the subject indicating the post content, rather than two unrelated
> questions which, as here, may not belong in the same newsgroup.
>
> Try settings the NTFS permissions on one of those EFS encrypted
> files so that some other account has Full Control at NTFS level.
> Then log into that account a try to access the encrypted file.
> You will get an access denied message. If that account attempts
> at lower-level to read the bits from disk it will just get AES
> encrypted bits.
>
> EFS is supposed to be transparent to the allowed account.
>
> The color shading you noticed is an optional setting in how
> Explorer displays items that are EFS encrypted.
>
> The return of the checkbox on the folder to its inital gray
> appearance, after you had used it to set the folder to encrypt
> contained files, is normal. That checkbox, like the Read-Only
> box, on folders is not an indicator of state but is a switch to
> use to set encryption, or read-only, on/off on the contained
> files. Being EFS encrypted (or being read-only) is (are) not
> actually properties of the folder but of the contained files.
>
> Roger
>
> "tedoniman" <tedoniman@discussions.microsoft.com> wrote in message
> news:A1952FA7-21C2-44C7-82A3-1C0BBC1BFECB@microsoft.com...
> > 29-Jul-07
> >
> > XP Not encrypting my folders and files...
> > -----------------------------------------
> >
> > New system, Win XP Pro SP2, 1 GB RAM, all NTFS partitions (no FAT32 format
> > option available during install).
> >
> > (1) Encryption Problem.
> >
> > Not sure if I understand the new terminology but thot that "encrypt"
> > meant
> >
> > "Convert ordinary language into code" so no one can read it until
> > decrypted.
> >
> > Well, that's not the case here. When I do my thing, all I get is a font
> > change
> > to green for the folder and file names, so on. When I tick and Apply,
> > "Details"
> >
> > remains shaded/inactive. There are no compressed files. The folder is in
> > C:\.
> >
> > I did see the dynamic file transfer pop-up an things hopping from left to
> > right but after all that, everything in those "encrypted" folders is
> > still
> > accessible as usual in my account (which, by the way, was not
> > password-protected
> > - but is now).
> >
> > I subsequently placed a test folder under my account in "Documents and
> > Settings"
> > and followed same procedure. It had one file. I did not see the
> > file-transfer
> > pop-up this time and results were same. I can still access the folder and
> > file
> > at anytime without going thru any decryption procedure.
> >
> > Perhaps I just don't understand what MS means by "encryption" in the
> > context
> > of this OS. Am new to this issue.
> >
> > The info on the subject given in Help seems rather skimpy and doesn't
> > really
> > put
> >
> > any light on the subject for me. There is no meat in there. So I don't
> > really
> > know what's going on or what I may be doing wrong.
> >
> > Can any one clear this up for me please?
> >
> >
> > (2) Notepad Memory Problem.
> >
> > This has been bugging me for a long time, since the last XP computer I
> > worked
> > on. It looks like this is a standard bug or intentional. Whenever a
> > Notepad.txt
> > file reaches around 50 KB, a warning message pops up about 'not enuf mem
> > to
> > complete the operation' yet the file does open ok once I x out the
> > message. I
> > got 1 GB RAM in here and not many aps installed yet. It's annoying. Is
> > there
> > a
> > registry fix for this?
> >
> > Thanx in advance,
> >
> >
> > --
> > Ted...
>
>
>
 
Back
Top