Re: recover EFS files from old PC

I went to the domain security policy and exported the DRA's private key,
imported it onto the PC in question while logged in as the DRA. I was
finally able to get into the files transparently.
So then I tried to PC that has the hard drive from the original broken
laptop in it and tried to repeat the process. the PC has windows 2000 (my
laptop has XP) but the process does not work. what would be different as far
as EFS goes that would stop this process from working?

"Roger Abell [MVP]" wrote:

Check out efsinfo utility (I forget, from the support tools?) and
use it to read the thumbprints on the files and compare to the
DRA info. Also, make sure that the private key and not just
the DRA cert is in the store of the account being used (for
example, try exporting and see if you are able to export both
parts).

"=pathfinder=" <pathfinder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:25A8451F-3305-46DF-A43C-9FA34B5B80B8@xxxxxxxxxxxxxxxx
I logged onto a test laptop (that has encrypted user data on it) as my
renamed domain admin account. I looked in that admins personal
certificate
store and can see a valid domain CA supplied cert for the purpose of File
Recovery. I took ownership of a test file, but could not decrypt it. I
even
added the admin account to the permissions with full control perms and
could
not open it. Decrypting fails with an ''an error occurred applying
attribute
to the file - access is denied" message.

how do i proceed?

"Roger Abell [MVP]" wrote:

What it shows as the DRAs are the DRAs. However, if while logged
in as one of them you do not see the DRA EFS cert/key when looking
in the certificates.msc private store for the account, then that is why
use of that account at that machine is not decrypting.
Also, as you likely know, inability to decrypt appears the same as
lack of NTFS permissions, so make sure account has permissions
to the files, taking ownership if necessary in order to set perms.

"=pathfinder=" <pathfinder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:65C892B2-6F8C-4B9D-90C2-BD344C61200C@xxxxxxxxxxxxxxxx
my AD account is a DRA, but I am unable toget baack into this guys
files.
his laptop OS died, we removed the HDD and slaved it into a domained
PC.
we
can see the files but when i try to open them it says i have
insufficient
permissions.

I did not import a key, i thought it was transparent.

After reading some of the links Shenan provided i am concerned. I am
not
100% sure which was our first DC, and the original administrator has
been
renamed. in the EFS DRA list in AD is shows my account and
administrator
as
the 2 DRA's. my renamed version of administrator is not listed.

"Roger Abell [MVP]" wrote:

How is it that use of the recovery agent (DRA) is failing ?
Where is it that you are trying to use the DRA? Are you
sure the DRA key is imported on that machine ?


"=pathfinder=" <pathfinder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:79FB55A7-0C42-4BF0-BE1C-B61E9A1B5891@xxxxxxxxxxxxxxxx
I have a similar issue, the files were encrypted with a domain based
CA,
OS
(XP SP2) got corrupted and now when we try to open/copy/decrypt the
files
we
get a no access error. I am an efs recovery admin but that does not
help.

"never exported your key/cert " - explain how please.


"Shenan Stanley" wrote:

IIA wrote:
Motherboard of my old notebook died... i am trying to move my
files
from the old hard drive to the new PC, but cant copy any of the
folders/files from my old Documents and Settings folder. I
remember
they were all made private and encrypted. How can i get access to
these files ?

Were they actually "encrypted"?
If so - and if you never exported your key/cert - *poof* - they're
likely
gone.

Although - my bet is you are getting "access denied" messages and
perhaps
used the incorrect terminology.

How to Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/kb/308421

How to disable simplified sharing & set permissions
on a shared folder in Windows XP
http://support.microsoft.com/kb/307874

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html












.

Relevant Pages

  • Re: recover EFS files from old PC
    ... Remember to remove the DRA key from the decrypting machine ... renamed domain admin account. ... lack of NTFS permissions, so make sure account has permissions ...
    (microsoft.public.security)
  • Re: recover EFS files from old PC
    ... DRA info. ... renamed domain admin account. ... lack of NTFS permissions, so make sure account has permissions ... How to Take Ownership of a File or Folder in Windows XP ...
    (microsoft.public.security)
  • Re: EFS recovery agents
    ... Keep in mind the docs are now up-rev'd for Windows 2003 Server ... Defining an account as DRA in policy is only part of making that DRA ... When decryption fails, or NTFS access checks fail, ...
    (microsoft.public.win2000.security)
  • Re: Using cipher.exe to Create a DRA Certificate
    ... > in how to create a DRA Certificate. ... This command will generate filename.PFX (for data recovery) and filename.CER ... Back Up Your Encrypting File System Private Key in Windows 2000 ...
    (microsoft.public.windowsxp.security_admin)
  • Re: EFS | Encryption | import private key
    ... My 300 laptops are in my domain but they are not connect to it. ... So if the private key of a user "crash", we want to be able to recover the ... certificate of 1 DRA on all the laptops (I said private key on my last post ... but I think it's the certificate, ...
    (microsoft.public.security)