EFS: decrypt files after lost pub/priv keys - possible?

From: Generally Crazy (generalcrazy_at_verizon.net)
Date: 12/30/03


Date: Tue, 30 Dec 2003 21:29:47 GMT


Normally I find most answers on the WEB ... newsgroups always seem to be in
such CHAOS it is almost impossible to follow threads - but here I am, the
whipped dog ... caving. So here goes ... really need help w/this one.

Here's the situation I'm in ... small home office ... Windows 2000, SP2,
updated to SP4 ... networked to NT server 4.0 (sp6a) domain controller.
Accidentally compressing a folder ... encryption was selected instead
<distracted> . 2 drives "C:" and "D:" email was stored on "D:" so the
encrypted files are intact, not accessible. Before realizing EFS had hold
of the folder, "C:" disk was reformatted with NTFS to reinstall win2K
[OS/PROG difficulties] and apparently lost private/public keys for EFS to
decrypt the files. Doing some reading ... Win2K RK to the rescue.
EFSINFO.EXE recovered thumbprints. True, security is always an issue. In
this instance, it would be nice 2 stuff the thumbprint into the current
certificate as the local or domain administrator to recover data. Our data
isn't of national security - ask my other half and she'd SWEAR it was as her
email & address books are inaccessible.

<sample recovered info>
mailbox.pst: Encrypted
<Local User>
  Users who can decrypt:
    PAKRATS.NET\deb (CN=deb,L=EFS,OU=EFS File Encryption Certificate)
    Certificate thumbprint: 1F2B 647D 4F2A FFCE 7350 6265 27DD BBE4 91BF E225

<Domain Admin> MYSELF
  Recovery Agents:
    PAKRATS.NET\ed (OU=EFS File Encryption Certificate, L=EFS, CN=ed)
    Certificate thumbprint: 76FF 6958 F092 784D B916 41F0 BFDB C72D 8849 1A33

Although listed as the RA, I constantly get "access denied" when attempting
to decrypt via Windows Explorer and DOS window using cipher.exe. Checked
the ownership & access properties, all OK. WWW search for info, tips &
tricks led to some info. Followed some other directions to discover keys,
certs and whatever else to decrypt the files. I seem to recall the SAM
changes during every installation <for obvious reasons> there is a
possibility recovery is not possible. CAVE DWELLING seems to be a
reasonable resort 'cuz the other half is on the warpath!

Testing an EFS after market tool to see if it was in fact legit in its
claims to recover EFS files said it could repair the file - trial version
returns 512 bytes of the file ... of which was garbage as it was compared to
another MAILBOX.PST. We have never had reason to use EFS before, so this is
an entirely new situation. Reading the security stuff posted here revealed
just about all the same info I have found on the WWW with some distressing
info relating to NON RECOVERABLE.

There are a total of 4 files I need to recover, of which the most important is
mailbox.pst. ASAP. MMMMMMM - any thoughts on this?

Dog House Dwelling, bread and water only,

Ed <aka General Crazy>


