Re: Restoring EFS and Passwords



<jwgoerlich@xxxxxxxxx> wrote in message
news:1184787551.871572.4210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
That's the ticket! I restored the user's profile and system state,
then had the user change their password. The EFS-encrypted files were
then accessible. I owe you one, Roger.

Thank you very much,


I am glad it worked. I am also not too sure as to why
the profile no longer had the old cert/key available in
an accessible way once the password was reset to the
prior value however.

Roger

On Jul 13, 6:16 pm, "Roger Abell [MVP]" <mvpNoS...@xxxxxxx> wrote:
Hi Wolfgang,

That they could not gain access after the restore (did you
restore their profile and system state and the encrypted files
or just system state and the encrypted files ?) at first seemed
surprising to me.
When you restored system state it reverted their account
to their old password, but DPAPI would still be set to
use the new password as their profile had been touched
after the password was forgotten and reset. So perhaps
restoring their profile is needed so that they can get at
the stored key via the (system state) restored account pwd.
At least that is my thinking. Including restore of the
EFS encrypted files was a good idea as they may have
been altered in the attempts but probably not.

Roger

<jwgoerl...@xxxxxxxxx> wrote in message

news:1184354201.953509.137960@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



I am working with a single Windows Server 2003 computer. It is not
part of an Active Directory domain. EFS is enabled and a couple users
are encrypting their files. Full backups with system state are
performed regularly using the default Windows Backup utility.

About a week ago, a user forgot their password. The administrator
reset it and, thus, locked them out of their EFS encrypted files. All
attempts by the user and the administrator to open the files results
in the "Access is denied" dialog box.

My job is to find a way for the user to open them. I did restore
system state and the encrypted files from a backup made a couple weeks
before. The user, whose memory has returned, logged in with their last
password. They still cannot decrypt the files, however.

What do I need to restore in order to for this user to decrypt their
files?

J Wolfgang Goerlich- Hide quoted text -

- Show quoted text -




.



Relevant Pages

  • Re: Restoring EFS and Passwords
    ... I restored the user's profile and system state, ... That they could not gain access after the restore (did you ... restore their profile and system state and the encrypted files ...
    (microsoft.public.security)
  • Re: registering a client to the domain
    ... Regarding lesson number 1... ... I did try to do a restore several times ... including the system state to no avail. ... >> causes the client to build a new profile for each user. ...
    (microsoft.public.windows.server.setup)
  • Re: registering a client to the domain
    ... Regarding lesson number 1... ... I did try to do a restore several times ... including the system state to no avail. ... >> causes the client to build a new profile for each user. ...
    (microsoft.public.windows.server.general)
  • Re: Restoring EFS and Passwords
    ... That they could not gain access after the restore (did you ... restore their profile and system state and the encrypted files ...
    (microsoft.public.security)
  • RE: Disater recover of a DC
    ... -- If the roles is RID master, you can leave it off until a dc requires to ... is sucessful, if so, plug back to aloow new schema replication. ... Don't stoe the system state only on the local ... I generally will only ever perform a system state dc restore for a DC that ...
    (microsoft.public.windows.server.active_directory)