Re: decrypt files after lost pub/priv keys - possible?
From: Shawn Rabourn \(MS\) (shawnrab_at_online.microsoft.com)
Date: 12/31/03
- Next message: Drew Cooper [MSFT]: "Re: EFS Private Keys"
- Previous message: Marina Roos: "Re: Trust Between NT4 and 2003"
- In reply to: Generally Crazy: "EFS: decrypt files after lost pub/priv keys - possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Dec 2003 20:04:25 -0500
Microsoft PSS has tools you can try.
--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.
"Generally Crazy" <generalcrazy@verizon.net> wrote in message
news:f7mIb.20139$E17.5@nwrddc02.gnilink.net...
>
> Normally I find most answers on the WEB ... newsgroups always seem to be
in
> such CHAOS it is almost impossible to follow threads - but here I am, the
> whipped dog ... caving. So here goes ... really need help w/this one.
>
> Here's the situation I'm in ... small home office ... Windows 2000, SP2,
> updated to SP4 ... networked to NT server 4.0 (sp6a) domain controller.
> Accidentally compressing a folder ... encryption was selected instead
> <distracted> . 2 drives "C:" and "D:" email was stored on "D:" so the
> encrypted files are intact, not accessible. Before realizing EFS had hold
> of the folder, "C:" disk was reformatted with NTFS to reinstall win2K
> [OS/PROG difficulties] and apparently lost private/public keys for EFS to
> decrypt the files. Doing some reading ... Win2K RK to the rescue.
> EFSINFO.EXE recovered thumbprints. True, security is always an issue. In
> this instance, it would be nice 2 stuff the thumbprint into the current
> certificate as the local or domain administrator to recover data. Our
data
> isn't of national security - ask my other half and she'd SWEAR it was as
her
> email & address books are inaccessible.
>
> <sample recovered info>
> mailbox.pst: Encrypted
> <Local User>
> Users who can decrypt:
> PAKRATS.NET\deb (CN=deb,L=EFS,OU=EFS File Encryption Certificate)
> Certificate thumbprint: 1F2B 647D 4F2A FFCE 7350 6265 27DD BBE4 91BF
> E225
>
> <Domain Admin> MYSELF
> Recovery Agents:
> PAKRATS.NET\ed (OU=EFS File Encryption Certificate, L=EFS, CN=ed)
> Certificate thumbprint: 76FF 6958 F092 784D B916 41F0 BFDB C72D 8849
> 1A33
>
> Although listed as the RA, I constantly get "access denied" when
attempting
> to decrypt via Windows Explorer and DOS window using cipher.exe. Checked
> the ownership & access properties, all OK. WWW search for info, tips &
> tricks lead to some info. Followed some other directions to discover
keys,
> certs and whatever else to decrypt the files. I seem to recall the SAM
> changes during every installation <for obvious reasons> there is a
> possibility recovery is not possible. CAVE DWELLING seems to be a
> reasonable resort 'cuz the other half is on the warpath!
>
> Testing an EFS after market tool to see if it was in fact legit in it's
> claims to recover EFS files said it could repair the file - trial version
> returns 512 bytes of the file ... of which was garbage as it was compared
to
> another MAILBOX.PST. We have never had reason to use EFS before, so this
is
> an entirely new situation. Reading the security stuff posted here
revealed
> just about all the same info I have found on the WWW with some distressing
> info relating to NON RECOVERABLE.
>
> There are a total of 4 files I need to recover of the most important is
> mailbox.pst. ASAP. MMMMMMM - any thoughts on this?
>
> Dog House Dwelling, bread and water only,
>
>
> Ed <aka General Crazy>
>
>
>
>
>
- Next message: Drew Cooper [MSFT]: "Re: EFS Private Keys"
- Previous message: Marina Roos: "Re: Trust Between NT4 and 2003"
- In reply to: Generally Crazy: "EFS: decrypt files after lost pub/priv keys - possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
