Vista - Encryption Smart Card Trouble

My Vista Ultimate machine thinks I'm supposed to be using a Smart card to
encrypt files using EFS as it's prompting me for a Smart Card Pin. But I've
NEVER used a smart card. How can I get Vista to realize this?

Brandon

EFS will use a smart card certificate for encryption only if one of these
conditions has occurred:
1. Group policy requires it. (Group policy does not, however, require
smart cards for EFS by default. It must have been configured by an
administrator.)
2. The user has specifically selected to use a smart card certificate
through the EFS wizard.

Do either of these apply to you? If not, can you give more details?

Thanks.
Pat
--
This posting is provided "AS IS" with no warranties, and confers no rights.


"Brandon" wrote:

> My Vista Ultimate machine thinks I'm supposed to be using a Smart card to
> encrypt files using EFS as it's prompting me for a Smart Card Pin. But I've
> NEVER used a smart card. How can I get Vista to realize this?
>
> Brandon
>
>

I'm having a somewhat similar problem as Brandon...

I had encrypted a folder with the EFS in Vista 32-bit, although recently the
OS failed (following a fatal/bad install of the cd burning tool alcohol
120%).. I later reinstalled a clean copy of Vista 64-bit about a week later.
When I origianlly encryted the folder before it went down, I was prompted to
back up some type of security certificate (a .pfx file) should I need to
recover the encrypted data - which I did on to a USB flash drive.
In the clean install of windows vista 64-bit, I imported the backed up .pfx
file, tapped in my password and as far as I could tell it imported
successfully. However, when I tried to access the encryted folder I was
presented with a 'Insert a smart card' diaglog and it will go no further.
Now let me please _clearly_ state for the record - Neither of the two
conditions you mentioned to Brandon were met for me. I was using all default
EFS/policy settings (as I had not changed nothing at all). I am the only user
of this computer, so we can rule out tamperings by another
user/administrator. I NEVER used a smart card to encrypt the data originally,
in fact I don't even OWN a smart card or smart card reader. I have everything
Window's recommended I back up for recovery so how do I get rid of this
strange prompt for a smart card and gain access back to my important files?



Hoffer [MSFT]" wrote:

> EFS will use a smart card certificate for encryption only if one of these
> conditions has occurred:
> 1. Group policy requires it. (Group policy does not, however, require
> smart cards for EFS by default. It must have been configured by an
> administrator.)
> 2. The user has specifically selected to use a smart card certificate
> through the EFS wizard.
>
> Do either of these apply to you? If not, can you give more details?
>
> Thanks.
> Pat
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "Brandon" wrote:
>
> > My Vista Ultimate machine thinks I'm supposed to be using a Smart card to
> > encrypt files using EFS as it's prompting me for a Smart Card Pin. But I've
> > NEVER used a smart card. How can I get Vista to realize this?
> >
> > Brandon
> >
> >

There is one other condition that will cause smart card prompting for
encrypted files. If you enable "strong private key protection" when you
import the .pfx file, you will be prompted for a smart card when trying to
open your encrypted files. Strong private key protection has never been
compatible with EFS. (A good reference for this is "Recover encrypted files
or folders" in Vista's Help and Support.) There is an easy fix: repeat the
import without selecting the option. No need to delete the previous
certificate; the new import will overwrite it.

Thanks.
Pat
--
This posting is provided "AS IS" with no warranties, and confers no rights.


"James" wrote:

> I'm having a somewhat similar problem as Brandon...
>
> I had encrypted a folder with the EFS in Vista 32-bit, although recently the
> OS failed (following a fatal/bad install of the cd burning tool alcohol
> 120%).. I later reinstalled a clean copy of Vista 64-bit about a week later.
> When I origianlly encryted the folder before it went down, I was prompted to
> back up some type of security certificate (a .pfx file) should I need to
> recover the encrypted data - which I did on to a USB flash drive.
> In the clean install of windows vista 64-bit, I imported the backed up .pfx
> file, tapped in my password and as far as I could tell it imported
> successfully. However, when I tried to access the encryted folder I was
> presented with a 'Insert a smart card' diaglog and it will go no further.
> Now let me please _clearly_ state for the record - Neither of the two
> conditions you mentioned to Brandon were met for me. I was using all default
> EFS/policy settings (as I had not changed nothing at all). I am the only user
> of this computer, so we can rule out tamperings by another
> user/administrator. I NEVER used a smart card to encrypt the data originally,
> in fact I don't even OWN a smart card or smart card reader. I have everything
> Window's recommended I back up for recovery so how do I get rid of this
> strange prompt for a smart card and gain access back to my important files?
>
>
>
> Hoffer [MSFT]" wrote:
>
> > EFS will use a smart card certificate for encryption only if one of these
> > conditions has occurred:
> > 1. Group policy requires it. (Group policy does not, however, require
> > smart cards for EFS by default. It must have been configured by an
> > administrator.)
> > 2. The user has specifically selected to use a smart card certificate
> > through the EFS wizard.
> >
> > Do either of these apply to you? If not, can you give more details?
> >
> > Thanks.
> > Pat
> > --
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> > "Brandon" wrote:
> >
> > > My Vista Ultimate machine thinks I'm supposed to be using a Smart card to
> > > encrypt files using EFS as it's prompting me for a Smart Card Pin. But I've
> > > NEVER used a smart card. How can I get Vista to realize this?
> > >
> > > Brandon
> > >
> > >

After lots of fiddling I was able to get access back to my files previous to
your post.

However, now you mention it, I do remember clicking that strong encryption
checkbox when I very first imported my certificate. So I think you hit the
nail on the head on that one. Although I must say it did take extra fiddling
than was suggested after I had mistakenly done that for windows to somehow
'reset' itself from that mixup because I defintely tried to reimport the cert
without checking that box quite a number of times while I was trying
different things. Odd.

Thanks,
James.

"Pat Hoffer [MSFT]" wrote:

> There is one other condition that will cause smart card prompting for
> encrypted files. If you enable "strong private key protection" when you
> import the .pfx file, you will be prompted for a smart card when trying to
> open your encrypted files. Strong private key protection has never been
> compatible with EFS. (A good reference for this is "Recover encrypted files
> or folders" in Vista's Help and Support.) There is an easy fix: repeat the
> import without selecting the option. No need to delete the previous
> certificate; the new import will overwrite it.
>
> Thanks.
> Pat
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "James" wrote:
>
> > I'm having a somewhat similar problem as Brandon...
> >
> > I had encrypted a folder with the EFS in Vista 32-bit, although recently the
> > OS failed (following a fatal/bad install of the cd burning tool alcohol
> > 120%).. I later reinstalled a clean copy of Vista 64-bit about a week later.
> > When I origianlly encryted the folder before it went down, I was prompted to
> > back up some type of security certificate (a .pfx file) should I need to
> > recover the encrypted data - which I did on to a USB flash drive.
> > In the clean install of windows vista 64-bit, I imported the backed up .pfx
> > file, tapped in my password and as far as I could tell it imported
> > successfully. However, when I tried to access the encryted folder I was
> > presented with a 'Insert a smart card' diaglog and it will go no further.
> > Now let me please _clearly_ state for the record - Neither of the two
> > conditions you mentioned to Brandon were met for me. I was using all default
> > EFS/policy settings (as I had not changed nothing at all). I am the only user
> > of this computer, so we can rule out tamperings by another
> > user/administrator. I NEVER used a smart card to encrypt the data originally,
> > in fact I don't even OWN a smart card or smart card reader. I have everything
> > Window's recommended I back up for recovery so how do I get rid of this
> > strange prompt for a smart card and gain access back to my important files?
> >
> >
> >
> > Hoffer [MSFT]" wrote:
> >
> > > EFS will use a smart card certificate for encryption only if one of these
> > > conditions has occurred:
> > > 1. Group policy requires it. (Group policy does not, however, require
> > > smart cards for EFS by default. It must have been configured by an
> > > administrator.)
> > > 2. The user has specifically selected to use a smart card certificate
> > > through the EFS wizard.
> > >
> > > Do either of these apply to you? If not, can you give more details?
> > >
> > > Thanks.
> > > Pat
> > > --
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > >
> > >
> > > "Brandon" wrote:
> > >
> > > > My Vista Ultimate machine thinks I'm supposed to be using a Smart card to
> > > > encrypt files using EFS as it's prompting me for a Smart Card Pin. But I've
> > > > NEVER used a smart card. How can I get Vista to realize this?
> > > >
> > > > Brandon
> > > >
> > > >

You are right: the second import does not work right away unless you clear
cache. I had forgotten that step. There is still cache left over from the
failed attempt to access the file. Once that cache is cleared, the second
import works--or as you say, resets itself. Cache is cleared every eight
hours for EFS or when you log off. Thanks for pointing that out.

Thanks.
Pat
--
This posting is provided "AS IS" with no warranties, and confers no rights.


"James" wrote:

> After lots of fiddling I was able to get access back to my files previous to
> your post.
>
> However, now you mention it, I do remember clicking that strong encryption
> checkbox when I very first imported my certificate. So I think you hit the
> nail on the head on that one. Although I must say it did take extra fiddling
> than was suggested after I had mistakenly done that for windows to somehow
> 'reset' itself from that mixup because I defintely tried to reimport the cert
> without checking that box quite a number of times while I was trying
> different things. Odd.
>
> Thanks,
> James.
>
> "Pat Hoffer [MSFT]" wrote:
>
> > There is one other condition that will cause smart card prompting for
> > encrypted files. If you enable "strong private key protection" when you
> > import the .pfx file, you will be prompted for a smart card when trying to
> > open your encrypted files. Strong private key protection has never been
> > compatible with EFS. (A good reference for this is "Recover encrypted files
> > or folders" in Vista's Help and Support.) There is an easy fix: repeat the
> > import without selecting the option. No need to delete the previous
> > certificate; the new import will overwrite it.
> >
> > Thanks.
> > Pat
> > --
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> > "James" wrote:
> >
> > > I'm having a somewhat similar problem as Brandon...
> > >
> > > I had encrypted a folder with the EFS in Vista 32-bit, although recently the
> > > OS failed (following a fatal/bad install of the cd burning tool alcohol
> > > 120%).. I later reinstalled a clean copy of Vista 64-bit about a week later.
> > > When I origianlly encryted the folder before it went down, I was prompted to
> > > back up some type of security certificate (a .pfx file) should I need to
> > > recover the encrypted data - which I did on to a USB flash drive.
> > > In the clean install of windows vista 64-bit, I imported the backed up .pfx
> > > file, tapped in my password and as far as I could tell it imported
> > > successfully. However, when I tried to access the encryted folder I was
> > > presented with a 'Insert a smart card' diaglog and it will go no further.
> > > Now let me please _clearly_ state for the record - Neither of the two
> > > conditions you mentioned to Brandon were met for me. I was using all default
> > > EFS/policy settings (as I had not changed nothing at all). I am the only user
> > > of this computer, so we can rule out tamperings by another
> > > user/administrator. I NEVER used a smart card to encrypt the data originally,
> > > in fact I don't even OWN a smart card or smart card reader. I have everything
> > > Window's recommended I back up for recovery so how do I get rid of this
> > > strange prompt for a smart card and gain access back to my important files?
> > >
> > >
> > >
> > > Hoffer [MSFT]" wrote:
> > >
> > > > EFS will use a smart card certificate for encryption only if one of these
> > > > conditions has occurred:
> > > > 1. Group policy requires it. (Group policy does not, however, require
> > > > smart cards for EFS by default. It must have been configured by an
> > > > administrator.)
> > > > 2. The user has specifically selected to use a smart card certificate
> > > > through the EFS wizard.
> > > >
> > > > Do either of these apply to you? If not, can you give more details?
> > > >
> > > > Thanks.
> > > > Pat
> > > > --
> > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > >
> > > >
> > > > "Brandon" wrote:
> > > >
> > > > > My Vista Ultimate machine thinks I'm supposed to be using a Smart card to
> > > > > encrypt files using EFS as it's prompting me for a Smart Card Pin. But I've
> > > > > NEVER used a smart card. How can I get Vista to realize this?
> > > > >
> > > > > Brandon
> > > > >
> > > > >