Re: EFS on crashed OS
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/29/05
Date: Thu, 29 Sep 2005 13:54:58 -0500
It may be the same domain user but his EFS certificate/private key was
destroyed when the OS was rebuilt and is needed to decrypt the files with
his user account.
Your options are:
-- See if the user exported his EFS private key to a password protected .pfx
file that can be imported by the user if he knows the password to the .pfx
file to decrypt the file.
-- See if there was a domain level Recovery Agent for that computer and if
so have the RA try to recover the files. The RA would need to log on to a
computer that contains his EFS private key or import it from a .pfx file. The
EFS files could be backed up and restored to such a computer. You can use the
tool efsinfo to see the user, RA, and thumbprints of certificates for each
that can decrypt the files.
http://support.microsoft.com/default.aspx?scid=kb;en-us;243026 --- efsinfo
-- If a backup of the user's profile exists somewhere that contains the user's
EFS private key it could possibly be used to decrypt the files with the help
from Microsoft support or trying the software from Elcomsoft [$99].
http://www.elcomsoft.com/aefsdr.html --- Elcomsoft
-- If no EFS private keys for the user or RA are available the files cannot
be recovered. Brute force cracking could be attempted but would take a
very long time with Windows 2000 which uses DESX and for Windows XP would be
next to impossible since it encrypts with AES 256. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316&sd=tech --- EFS best practices and info.
"E. James" <EJames@discussions.microsoft.com> wrote in message
news:870BCB0D-4933-4BAA-A601-42B58314CA86@microsoft.com...
> I have a somewhat similar question regarding encrypted files. Client had
> multiple partitions on the workstation with the OS isolated on the primary
> partition. Data files were maintained on a separate partition and even a
> separate HDD. The first HDD crashed, which contained the OS. No recovery
> method was successful due to hardware damage. New hardware was installed
> and a fresh OS was installed, using the same user information in the same
> domain. The original files exist and even specify that the encryption key
> holder is DOMAIN/user account. However, when the client logs on (user
> account was NOT modified in the domain during the downtime) the user can
> not access the encrypted files.
>
> What is the methodology to retrieve these files since it is the same user
> account in the domain? Keep in mind that since it was a hardware crash,
> there was no possibility to export the keys after the crash.
>
> TIA,
>
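
An added example, not part of the original thread: a PowerShell check that tells whether the certificate store of the account you are logged on as (the user after importing a .pfx, or the Recovery Agent) holds a private key for any of the thumbprints efsinfo reports on the encrypted files. The thumbprint values and the function name are constructed for illustration; PowerShell itself is an assumption, as the thread predates it.

```powershell
# Added example, not from the original thread.
# Thumbprints below are constructed placeholders; paste the values efsinfo
# prints for the user and Recovery Agent entries on the encrypted files.
param(
    [string[]]$FileThumbprints = @(
        '0000 1111 2222 3333 4444 5555 6666 7777 8888 9999',  # constructed (user)
        'AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333'   # constructed (RA)
    )
)

# Enhanced key usage OIDs that mark a certificate as usable for EFS.
$EfsOids = @{
    '1.3.6.1.4.1.311.10.3.4'   = 'EFS (user)'
    '1.3.6.1.4.1.311.10.3.4.1' = 'EFS file recovery (RA)'
}

function ConvertTo-PlainThumbprint([string]$Text) {
    # Thumbprints are often shown in space-separated groups; the store uses plain hex.
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

# Personal certificate store of the account running the script.
$store = @(Get-ChildItem Cert:\CurrentUser\My)

foreach ($raw in $FileThumbprints) {
    $tp   = ConvertTo-PlainThumbprint $raw
    $cert = $store | Where-Object { $_.Thumbprint -eq $tp } | Select-Object -First 1

    # Collect which EFS purposes, if any, the matching certificate carries.
    $purpose = @()
    if ($cert) {
        $purpose = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            Where-Object { $EfsOids.ContainsKey($_.Value) } |
            ForEach-Object { $EfsOids[$_.Value] })
    }

    [pscustomobject]@{
        Thumbprint    = $tp
        InStore       = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        EfsPurpose    = $purpose -join ', '
        Subject       = $(if ($cert) { $cert.Subject } else { '' })
    }
}
```

A row with InStore true but HasPrivateKey false means only the public certificate is present, which cannot decrypt the files.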