![]() ![]() Note that PE may not be able to open EFS-encrypted files, as it doesn't use the same users as the running system (Safe Mode does though, and RE can access the key files if you have the password). PE is generally on Windows installation media and reached by booting from such external media RE is generally on a hidden partition of your hard disk and accessed from the advance boot options menu (as is Safe Mode). You can boot Windows in Safe Mode, or to the pre-installation environment (PE) or Recovery Environment (RE) in each of these cases there is a Windows OS running, but it has minimal processes or services running (in Safe Mode) or is running from a totally different installation (in PE or RE). This is built-in Windows security functionality, and completely transparent to the user (that is, the key is selected and unwrapped automatically if possible).īeyond that, there are various options for reading or manipulating files that the OS doesn't let you touch. The per-user keys are themselves encrypted with a key derived from the user's password. To read or modify a file encrypted with EFS, you need one of the keys that the file is encrypted to, which is generally one per-user key for each authorized reader of the file. Worse, a file can be encrypted using Windows' Encrypting File System (EFS). Mind you, just because the file isn't locked doesn't mean you are guaranteed access, even as Administrator a file can specifically deny Administrator (or the Administrators group) access to itself (in which case you need to forcibly overwrite the ACL, usually by taking ownership first). That will forcibly free all of the process' HANDLEs and make the file(s) available again. Obviously, once you have the process(es) identified, you can kill it/them (if you have the permissions). It will show you all the processes which have a HANDLE open to something with that name, and the path of the open HANDLE. One that's built into the operating system is a GUI app called "Resource Monitor" ( %windir%\system32\perfmon.exe /res or just resmon) go to the "CPU" tab, click in the "Search Handles" box in the header of the "Associated Handles" section, and type the file name (it does a full path search, so part of the name is file no need for a complete path unless it's a common name). To tell what process is holding a lock on the file (or on a registry key, pipe, etc.), you can use any of the tools for enumerating open HANDLEs on Windows. It doesn't matter at all what the relative privilege levels of the two processes are the lowliest sandboxed process could have a HANDLE open to a file that prevents even the SYSTEM account from doing anything significant with it. Exclusive access (which is the default on Windows, incidentally) prevents any other process from opening the file with more than the most minimal of privileges (enough to get basic metadata, and to tell when it changes or becomes available). The most likely reason that you can't open, move, or delete the files is because there's a running program that has them open with exclusive access. So my questions are, what could these files be, and how would I go about attempting to read their contents? I also cannot open them after having changed the owner, getting an error "ERROR Can not open file (.)". I tried searching for them online but there are exactly zero results. The files causing the permission issues are within the C:\ProgramData\Lenovo\Vantage\SystemData\Vaul directory and are called UPEAPIKey and UPEUserID. I tried opening the folder but was also being denied permissions to do so, so I changed the owner to myself. After that I attempted to delete the Lenovo folder within the C:\ProgramData directory, but got permission denied. So I manually deleted the Lenovo folder within the "Program Files (x86)" Windows directory. exe and attempting to run it would do nothing as far as I can tell. I attempted to uninstall it using Windows’ “Apps & features”, but it couldn’t locate the uninstaller’s. I have a Lenovo laptop and it had Lenovo Vantage installed. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |