0
One of our users was running Windows 10 Home. She upgraded to Windows 10 Professional specifically for EFS.
With the upgrade complete, she right-clicked on her Documents folder, Properties, Advanced, Encrypt contents to secure data. She received a UAC prompt and canceled.
She then went into each sub-folder under Documents and applied the encryption attribute using the same procedure. She did not get a UAC prompt.
Files that existed prior to the Windows 10 Professional upgrade that received the Encrypt contents attribute are now scrambled. For example, CSV files (plain text following the CSV standard) when opened in Excel or a text editor display jumbled, mostly non-alpha content.
When the encryption attribute is removed from a given file, the bit pattern is unaltered. The same jumbled characters appear in the file.
Files that are created after the update to Windows 10 Professional seem to function normally.
What could cause this behavior, and how can we recover from it?
Eric J.
Posted 2018-06-07T17:32:48.950
Reputation: 1 449
If the user hit cancel, on a prompt for an action requiring elevated permissions, then the contents were not encrypted. You will have to recover the files from a backup. – Ramhound – 2018-06-07T17:35:56.543
@Ramhound: If the contents were not encrypted, why does anything need to be recovered? What changes were made to the system at that point? – Eric J. – 2018-06-07T17:44:35.020
The prompt indicates the user didn't have permission, to encrypt the files in question, as to the reason the files are now corrupt I cannot speak to the reason that happened. It's possible by the attribute to encrypt the contents being enabled, but the user never confirming and providing the necessary elevation to do so, the contents were encrypted without being connect to the user's certificate. As the user tried. Even worst if the contents were encrypted, and the certificate was not actually generated, then the contents are indeed just random data at this point. – Ramhound – 2018-06-07T17:56:45.660
That would seem like a rather huge bug in Windows. Do you know this is the behavior or is it a suspicion? – Eric J. – 2018-06-07T18:01:41.723
The user should have hit Continue, had an Administrator authenticate, and provide the permissions. What I describe is based on my extensive knowledge of Windows. It is NOT based on a random suspicion However, It is hard to tell what exactly happen because the user, did not continue with the process, like they should have done. – Ramhound – 2018-06-07T18:07:09.177