Re: disaster recovery/decryption? Possible?

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 12/30/03

• Next message: Paul: "Re: DCOM error with NTBACKUP and Certificate Services"
• Previous message: David Christensen: "how to get security info when using ntbackup on Windows 2000?"
• In reply to: OutlookSucks: "EFS: disaster recovery/decryption? Possible?"
• Next in thread: Shawn Rabourn \(MS\): "Re: disaster recovery/decryption? Possible?"
• Reply: Shawn Rabourn \(MS\): "Re: disaster recovery/decryption? Possible?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Dec 2003 17:40:55 -0500

The outlook isn't good... but the best article on the subject is at
www.beginningtoseethelight.org Calling Microsoft using the phone numbers at
www.microsoft.com/support might help [think it's around $290]

"OutlookSucks" <outlook@sucks.biz> wrote in message
news:UxlIb.710$nK2.590@nwrddc01.gnilink.net...
> Normally I find most answers on the WEB ... newsgroups always seem to be
in
> such CHAOS it is almost impossible to follow threads - but here I am, the
> whipped dog ... caving. So here goes ... really need help w/this one.
>
> Here's the situation I'm in ... small home office ... Windows 2000, SP2,
> updated to SP4 ... networked to NT server 4.0 (sp6a) domain controller.
> Accidentally compressing a folder ... encryption was selected instead
> <distracted> . 2 drives "C:" and "D:" email was stored on "D:" so the
> encrypted files are intact, not accessible. Before realizing EFS had hold
> of the folder, "C:" disk was reformatted with NTFS to reinstall win2K
> [OS/PROG difficulties] and apparently lost private/public keys for EFS to
> decrypt the files. Doing some reading ... Win2K RK to the rescue.
> EFSINFO.EXE recovered thumbprints. True, security is always an issue. In
> this instance, it would be nice 2 stuff the thumbprint into the current
> certificate as the local or domain administrator to recover data. Our
data
> isn't of national security - ask my other half and she'd SWEAR it was as
her
> email & address books are inaccessable.
>
> <sample recovered info>
> mailbox.pst: Encrypted
> <Local User>
> Users who can decrypt:
> PAKRATS.NET\deb (CN=deb,L=EFS,OU=EFS File Encryption Certificate)
> Certificate thumbprint: 1F2B 647D 4F2A FFCE 7350 6265 27DD BBE4 91BF
> E225
>
> <Domain Admin> MYSELF
> Recovery Agents:
> PAKRATS.NET\ed (OU=EFS File Encryption Certificate, L=EFS, CN=ed)
> Certificate thumbprint: 76FF 6958 F092 784D B916 41F0 BFDB C72D 8849
> 1A33
>
> Although listed as the RA, I constantly get "access denied" when
attempting
> to decrypt via Windows Explorer and DOS window using cipher.exe. Checked
> the ownership & access properties, all OK. WWW search for info, tips &
> tricks lead to some info. Followed some other directions to discover
keys,
> certs and whatever else to decrypt the files. I seem to recall the SAM
> changes during every installation <for obvious reasons> there is a
> possibility recovery is not possible. CAVE DWELLING seems to be a
> reasonable resort 'cuz the other half is on the warpath!
>
> Testing an EFS after market tool to see if it was in fact legit in it's
> claims to recover EFS files said it could repair the file - trial version
> returns 512 bytes of the file ... of which was garbage as it was compared
to
> another MAILBOX.PST. We have never had reason to use EFS before, so this
is
> an entirely new situation. Reading the security stuff posted here
revealed
> just about all the same info I have found on the WWW with some distressing
> info relating to NON RECOVERABLE.
>
> There are a total of 4 files I need to recover of the most important is
> mailbox.pst. ASAP. MMMMMMM - any thoughts on this?
>
> Best of luck,
> Dog House Dwelling,
> bread and water only,
> Ed aka General Crazy
>
>

• Next message: Paul: "Re: DCOM error with NTBACKUP and Certificate Services"
• Previous message: David Christensen: "how to get security info when using ntbackup on Windows 2000?"
• In reply to: OutlookSucks: "EFS: disaster recovery/decryption? Possible?"
• Next in thread: Shawn Rabourn \(MS\): "Re: disaster recovery/decryption? Possible?"
• Reply: Shawn Rabourn \(MS\): "Re: disaster recovery/decryption? Possible?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: decrypt files after lost pub/priv keys - possible? ... Before realizing EFS had hold ... security is always an issue. ... > certificate as the local or domain administrator to recover data. ... > to decrypt via Windows Explorer and DOS window using cipher.exe. ... (microsoft.public.win2000.security) Re: EFS + unbootable HDD help ... ... EFS would not be secure. ... You will still need access to the ORIGINAL keys. ... I did make weekly backups and thus have the encrypted files ... Using Stellar's recovery tool I was able to recover ... (microsoft.public.windowsxp.help_and_support) EFS: disaster recovery/decryption? Possible? ... Before realizing EFS had hold ... certificate as the local or domain administrator to recover data. ... Users who can decrypt: ... changes during every installation <for obvious reasons> there is a ... (microsoft.public.win2000.security) EFS: decrypt files after lost pub/priv keys - possible? ... Before realizing EFS had hold ... certificate as the local or domain administrator to recover data. ... Users who can decrypt: ... changes during every installation <for obvious reasons> there is a ... (microsoft.public.win2000.security) Re: EFS disaster! ... this tool can decrypt you data. ... EFS on a WinXP SP1 machine using another WinXP installation without any ... Please let me know if there is way to recover the data.. ... (Focus-Microsoft)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint