Re: Decrypting a W2K encrypted file
From: Joel Wilson (jwilson@caliber-one.com)
Date: 11/01/02
- Next message: Daniel Angelucci: "Re: IPSec auditing"
- Previous message: Karl Levinson [x y] mvp: "Re: Duplicated SID's"
- In reply to: Kevin Paquin: "Re: Decrypting a W2K encrypted file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Joel Wilson" <jwilson@caliber-one.com> Date: Fri, 1 Nov 2002 08:50:32 -0800
Did you find out what to do with these files? I'm in a
similiar situation and I do have access to the user's
CRYPTO and PROTECT directory. Can I use these to decrypt a
file? THanks.
</joel>
>-----Original Message-----
>Alright, I finally managed to get the machine back to
work on it. I found
>both the crypto and the private folders and both have 1
file that was
>created before the repair was done (by the dates, they
appear to be the
>original files from when he setup the encryption on his
machine). I'm not
>sure what to do with the files now that I have them
though, there doesn't
>seem to be a way to import them...
>
>"Robert Gu [MS]" <robertg@online.microsoft.com> wrote in
message
>news:ugd#m1MYCHA.2044@tkmsftngp11...
>> You are right. The key is to find the private key. It
could be damaged in
>> repairing. Try to search a directory called "Protect"
on your disks. It it
>> marked as SYSTEM and HIDDEN. In XP, it is at,
>>
>> %userprofile%\Application Data\Microsoft\Protect
>>
>> Another directory called "Crypto" is also important. It
usually lives in
>the
>> same tree as Protect. When you find these directories,
look if there are
>> files created before the date you did the repairing. IN
the CMD window,
>you
>> should use DIR /A to find these dir and files.
>>
>> --
>> This posting is provided "AS IS" with no warranties,
and confers no
>rights.
>>
>> Robert Gu [MS Security Developer]
>> "Kevin Paquin" <kevin.paquin@naviplan.com> wrote in
message
>> news:O7DYnvMYCHA.2540@tkmsftngp09...
>> > Ok then, so much for that...
>> > I switched the user's password back to what it was
before, but no luck.
>> In
>> > MMC, it says that his certificate is there, but it
can't find his
>private
>> > key (it says this when I try to export the
certificate). Where is this
>> > private key stored? Would it have been overwritten
when windows was
>> > repaired? If not, it should still be there
somewhere...
>> >
>> > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote
in message
>> > news:#I#7wTCYCHA.2652@tkmsftngp10...
>> > > The paper you read is out dated white paper. We
never wrote efsrecvr.
>> > >
>> > > --
>> > > This posting is provided "AS IS" with no
warranties, and confers no
>> > rights.
>> > >
>> > > Robert Gu [MS Security Developer]
>> > > "Kevin Paquin" <kevin.paquin@naviplan.com> wrote in
message
>> > > news:Obs3osBYCHA.1748@tkmsftngp09...
>> > > > I'm running Windows 2000, not XP, if that makes a
difference.
>Here's
>> > the
>> > > > Microsoft article regarding efsrecvr:
>> > > >
>> > >
>> >
>>
>http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/prodtechn
>> > > > ol/windows2000serv/deploy/nt5efs.asp
>> > > >
>> > > > The user's password has since changed though,
I'll get him to switch
>> it
>> > > back
>> > > > and try that, thanks.
>> > > >
>> > > >
>> > > > "Robert Gu [MS]" <robertg@online.microsoft.com>
wrote in message
>> > > > news:OI5pVtAYCHA.2328@tkmsftngp12...
>> > > > > There is no efsrecvr. You must be reading out
dated papers.
>> > > > >
>> > > > > For more updated info on EFS, read the
following,
>> > > > >
>> > > > >
>> > > >
>> > >
>> >
>>
>http://www.microsoft.com/WindowsXP/pro/techinfo/administra
tion/recovery/defa
>> > > > > ult.asp
>> > > > >
>> > > > > Your files are lost if you have done nothing
about export your
>keys.
>> > The
>> > > > > only way you can try if the encryption account
is domain account,
>> > > > >
>> > > > > 1. Find your old profile.
>> > > > > 2. Copy all the old profile files into your new
profile.
>> > > > > 3. Logon with the same password with the same
user.
>> > > > >
>> > > > > If your old profiles are damaged, this would
not work.
>> > > > >
>> > > > > --
>> > > > > This posting is provided "AS IS" with no
warranties, and confers
>no
>> > > > rights.
>> > > > >
>> > > > > Robert Gu [MS Security Developer]
>> > > > > "Kevin Paquin" <kevin.paquin@naviplan.com>
wrote in message
>> > > > > news:#9TyBmAYCHA.1792@tkmsftngp12...
>> > > > > > I have a user that crashed his computer.
Upon repairing Windows
>> > 2000,
>> > > > he
>> > > > > > can no longer access his encrypted files.
His key is still
>there
>> in
>> > > > MMC,
>> > > > > > but the file will not decrypt. We are on a
domain, but are not
>> > > running
>> > > > > > active directory, and therefore do not have
any recovery agents.
>> > The
>> > > > > local
>> > > > > > administrator on his machine is also unable
to decrypt the file.
>> I
>> > > have
>> > > > > not
>> > > > > > tried the efsrecvr utility since I am unable
to find it... I
>> > assumed
>> > > it
>> > > > > was
>> > > > > > just a regular windows command, but if it is,
it's not one that
>I
>> > have
>> > > > on
>> > > > > my
>> > > > > > machine...
>> > > > > > Does anyone know where I can find the
efsrecvr utility (and if
>it
>> > will
>> > > > > > work?)
>> > > > > > Is there any other method I can use to
decrypt this file?
>> > > > > >
>> > > > > > Any help would be greatly appreciated.
>> > > > > >
>> > > > > > Thanks,
>> > > > > > Kevin Paquin
>> > > > > >
>> > > > > >
>> > > > >
>> > > > >
>> > > >
>> > > >
>> > >
>> > >
>> >
>> >
>>
>>
>
>
>.
>
- Next message: Daniel Angelucci: "Re: IPSec auditing"
- Previous message: Karl Levinson [x y] mvp: "Re: Duplicated SID's"
- In reply to: Kevin Paquin: "Re: Decrypting a W2K encrypted file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
