Re: recover EFS files from old PC



XP uses a different default encryption method than W2k does.
Try hanging the disk on a machine of the same OS version as the origin.
Remember to remove the DRA key from the decrypting machine
when done, and in my opinion you are well off not to have a
roaming profile for the DRA to leave this scattered about (though
the DRA should only be logged into when needed).

"=pathfinder=" <pathfinder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0714E16C-38D5-4987-B3F6-F4709E85B260@xxxxxxxxxxxxxxxx
I went to the domain security policy and exported the DRA's private key,
imported it onto the PC in question while logged in as the DRA. I was
finally able to get into the files transparently.

So then I tried the PC that has the hard drive from the original broken
laptop in it and tried to repeat the process. The PC has Windows 2000 (my
laptop has XP) but the process does not work. What would be different as
far as EFS goes that would stop this process from working?

"Roger Abell [MVP]" wrote:

Check out the efsinfo utility (I forget, from the support tools?) and
use it to read the thumbprints on the files and compare them to the
DRA info. Also, make sure that the private key, and not just
the DRA cert, is in the store of the account being used (for
example, try exporting and see if you are able to export both
parts).

"=pathfinder=" <pathfinder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:25A8451F-3305-46DF-A43C-9FA34B5B80B8@xxxxxxxxxxxxxxxx
I logged onto a test laptop (that has encrypted user data on it) as my
renamed domain admin account. I looked in that admin's personal certificate
store and can see a valid domain CA supplied cert for the purpose of File
Recovery. I took ownership of a test file, but could not decrypt it. I even
added the admin account to the permissions with full control perms and could
not open it. Decrypting fails with an "an error occurred applying attribute
to the file - access is denied" message.

How do I proceed?

"Roger Abell [MVP]" wrote:

What it shows as the DRAs are the DRAs. However, if while logged
in as one of them you do not see the DRA EFS cert/key when looking
in the certificates.msc private store for the account, then that is
why use of that account at that machine is not decrypting.
Also, as you likely know, inability to decrypt appears the same as
lack of NTFS permissions, so make sure the account has permissions
to the files, taking ownership if necessary in order to set perms.

"=pathfinder=" <pathfinder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:65C892B2-6F8C-4B9D-90C2-BD344C61200C@xxxxxxxxxxxxxxxx
My AD account is a DRA, but I am unable to get back into this guy's
files. His laptop OS died, we removed the HDD and slaved it into a domained
PC. We can see the files but when I try to open them it says I have
insufficient permissions.

I did not import a key, I thought it was transparent.

After reading some of the links Shenan provided I am concerned. I am not
100% sure which was our first DC, and the original administrator has been
renamed. The EFS DRA list in AD shows my account and administrator as
the 2 DRAs. My renamed version of administrator is not listed.

"Roger Abell [MVP]" wrote:

How is it that use of the recovery agent (DRA) is failing?
Where is it that you are trying to use the DRA? Are you
sure the DRA key is imported on that machine?


"=pathfinder=" <pathfinder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:79FB55A7-0C42-4BF0-BE1C-B61E9A1B5891@xxxxxxxxxxxxxxxx
I have a similar issue, the files were encrypted with a domain based CA,
the OS (XP SP2) got corrupted and now when we try to open/copy/decrypt the
files we get a no access error. I am an EFS recovery admin but that does
not help.

"never exported your key/cert" - explain how please.


"Shenan Stanley" wrote:

IIA wrote:
Motherboard of my old notebook died... I am trying to move my files
from the old hard drive to the new PC, but can't copy any of the
folders/files from my old Documents and Settings folder. I remember
they were all made private and encrypted. How can I get access to
these files?

Were they actually "encrypted"?
If so - and if you never exported your key/cert - *poof* - they're
likely gone.

Although - my bet is you are getting "access denied" messages and
perhaps used the incorrect terminology.

How to Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/kb/308421

How to disable simplified sharing & set permissions
on a shared folder in Windows XP
http://support.microsoft.com/kb/307874

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
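An added example, not from this thread and not a Microsoft tool, that scripts the checks Roger describes above on the machine where the disk is mounted: whether the File Recovery certificate in the logged-in account's personal store actually has its private key, whether that certificate's thumbprint is one of the recovery certificates stamped on the file, and whether a plain NTFS permission problem is masking the EFS failure. It assumes Windows Vista or later (the `cipher.exe /c` switch and the `Cert:` drive; on XP/2000 the thread's `efsinfo` tool shows the same thumbprints), English-language `cipher` output, and the Microsoft EFS Recovery EKU OID `1.3.6.1.4.1.311.10.3.4.1`; the function names and the sample path are constructed.

```powershell
# Added example: cross-check the logged-in account's EFS recovery key against a file.
# Assumptions: Vista+ (cipher.exe /c, Cert: drive), English cipher output.

$FileRecoveryEku = '1.3.6.1.4.1.311.10.3.4.1'   # Microsoft "File Recovery" EKU OID

function Get-EfsRecoveryCertificate {
    # Certificates in CurrentUser\My that carry the File Recovery EKU.
    # HasPrivateKey separates a usable DRA key from a cert-only (.cer) import,
    # which is the "cert but no key" situation described in the thread.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $FileRecoveryEku })
    } | Select-Object Subject, Thumbprint, HasPrivateKey, NotAfter
}

function Get-EfsFileRecoveryThumbprint {
    param([Parameter(Mandatory)][string]$Path)
    # cipher /c prints a "Recovery Certificates:" section whose entries carry a
    # "Certificate thumbprint: xxxx xxxx ..." line; stop at the next section heading.
    $inRecovery = $false
    $thumbs = @()
    foreach ($line in (& cipher.exe /c $Path 2>&1)) {
        if ($line -match '^\s*Recovery Certificates') { $inRecovery = $true; continue }
        if ($line -match '^\s*(Users who can decrypt|Key Information)') { $inRecovery = $false; continue }
        if ($inRecovery -and $line -match 'thumbprint:\s*([0-9A-Fa-f ]+)') {
            $thumbs += ($Matches[1] -replace '\s', '').ToUpper()
        }
    }
    $thumbs
}

function Test-EfsRecoveryReadiness {
    param([Parameter(Mandatory)][string]$Path)
    $r = [ordered]@{
        Path                    = $Path
        IsEncrypted             = ((Get-Item $Path).Attributes -band [IO.FileAttributes]::Encrypted) -ne 0
        CanReadAcl              = $false
        FileRecoveryThumbprints = @()
        MatchingKeyInStore      = $false
        Findings                = @()
    }

    # An EFS failure and an NTFS denial both surface as "access denied" on open.
    # Reading the security descriptor needs only READ_CONTROL, so a failure here
    # points at ownership/ACLs rather than at a missing key.
    try { $null = Get-Acl -Path $Path; $r.CanReadAcl = $true }
    catch { $r.Findings += 'Cannot read the ACL: take ownership and grant permissions before looking at EFS.' }

    if ($r.IsEncrypted) {
        $r.FileRecoveryThumbprints = @(Get-EfsFileRecoveryThumbprint -Path $Path)
        $certs = @(Get-EfsRecoveryCertificate)
        if (-not $certs) { $r.Findings += 'No File Recovery certificate in CurrentUser\My for this account.' }

        $presentWithoutKey = $false
        foreach ($c in $certs) {
            if ($r.FileRecoveryThumbprints -contains $c.Thumbprint.ToUpper()) {
                if ($c.HasPrivateKey) { $r.MatchingKeyInStore = $true }
                else { $presentWithoutKey = $true }
            }
        }
        if ($presentWithoutKey -and -not $r.MatchingKeyInStore) {
            $r.Findings += 'The matching DRA certificate is in the store without its private key; import the PFX, not the .cer.'
        }
        elseif ($r.FileRecoveryThumbprints -and -not $r.MatchingKeyInStore) {
            $r.Findings += 'The file was encrypted under a recovery agent whose key this account does not hold.'
        }
    }
    else {
        $r.Findings += 'The file is not EFS-encrypted; the error is an NTFS permission problem.'
    }
    [pscustomobject]$r
}

# Usage (constructed path), run as the account that is supposed to be the DRA:
# Test-EfsRecoveryReadiness -Path 'D:\Documents and Settings\user\My Documents\report.doc'
```

Run it logged in as the DRA account on the machine holding the slaved disk. An empty `FileRecoveryThumbprints` list on an encrypted file means the file carries no recovery agent at all, which is the case Shenan warns about; a thumbprint match with `HasPrivateKey` false is the cert-without-key case, and `CanReadAcl` false is the ownership problem that must be fixed first regardless of EFS.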