Re: HELP!: Decrypting Files After Partial System Crash
From: Karl Levinson [x y] mvp (levinson_k@despammed.com)
Date: 04/04/03
- Next message: Daniel Billingsley: "Re: Found hacker's folder"
- Previous message: Daniel Billingsley: "Re: Understanding security template INF structures"
- In reply to: EricMontague: "Re: HELP!: Decrypting Files After Partial System Crash"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@despammed.com> Date: Thu, 3 Apr 2003 17:07:24 -0500
I could be wrong, but I believe that page mainly mentions restoring the
files in a standalone workgroup environment. Restoring the files on Windows
2000 in a Windows 2000 Domain environment is trivial [as long as your only
domain controller did not crash]... you just use the DRA Domain Recovery
Account on the domain to decrypt the files. Check the page again. The
author of that document does include his email address and has recently been
posting messages here as well. I could be wrong, but I thought the document
mentioned changing the user SID manually in the Registry.
"EricMontague" <ericmontague25@yahoo.com> wrote in message
news:5ef6b53b.0304031031.edb9d30@posting.google.com...
> Pete,
>
> This is an excellent site, if only I had it a week ago, but I still
> can't decrypt my files, but I know why. While I managed to to change
> the machine SID using System Internals wonderful tool, the user ID
> needs to be set to that of the old machine, what I believe is called
> the RID. The web page you refered to talks about making changes to the
> keys on the SAM hive, but I don't have any keys there and I believe it
> is because the page was talking about restoring EFS in a
> Domain-account environment, where as I am in a standalone Workgroup.
>
> So the question is how can I change the the user ID?
>
> PS - I already tried sequentially creating accounts until my number
> came up, but apparently Windows remembers old, deleted numbers and
> simply skips over them when they are called back into the sequence.
>
> "Peter Clark" <clark@hushmail.com> wrote in message
news:<06eb01c2f971$40b6d5e0$a001280a@phx.gbl>...
> > http://www.beginningtoseethelight.org/efsrecovery/
> >
> >
> > >-----Original Message-----
> > >OK hot shots here's a real bear for you guys to wrap
> > yourselves
> > >around.
> > >
> > >This is the deal: recently my WIN2K hard drive suffered a
> > massive
> > >crash. Scan of the disk revealed permanent errors on the
> > drive and
> > >about 20-30 percent of the files were lost for good.
> > However I was
> > >able to salvage the remaining 80-70 percent (including
> > most of the
> > >Doc's & Settings, Prog Files, WINNT, System32\CONFIG, etc.
> > >directories) and back them up accordingly to a stable drive.
> > >
> > >However a number of my data files were encrypted with EFS
> > and while I
> > >was able to restore them to my new partition, they remained
> > >encrypted. My questions are thus:
> > >
> > >(1) Is there any way to use the old files to a create a
> > PKS file?
> > >(2) Where and what are the files and directories that
> > WIN2K uses for
> > >user EFS?
> > >(3) My last resort is to retroactively create a 'ghost'
> > image of my
> > >old WIN2K system and on the good drive. This very time
> > consuming and
> > >when I tried it, it didn't work. Specifically the system
> > booted and
> > >proceeded all the way to the login is screen but I was
> > unable to login
> > >as all of my input devices where not activated. So the
> > question is, if
> > >this procedure is the only recourse, what is the best way
> > to implement
> > >this so I can actually login on decrypt my old files?
> > >
> > >T I A !!!!!!!!!!!
> > >.
> > >
- Next message: Daniel Billingsley: "Re: Found hacker's folder"
- Previous message: Daniel Billingsley: "Re: Understanding security template INF structures"
- In reply to: EricMontague: "Re: HELP!: Decrypting Files After Partial System Crash"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
