Re: disaster recovery/decryption? Possible?

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 12/31/03 

Date: Tue, 30 Dec 2003 18:49:12 -0800

Shawn - Does PSS do data recovery from reformatted, reinstalled volumes?
That would need to happen before anything else. And it's really unlikely
that anyone will be able to find the keys at all. 

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Shawn Rabourn (MS)" <shawnrab@online.microsoft.com> wrote in message
news:uwXFHozzDHA.2388@TK2MSFTNGP09.phx.gbl...
> Microsoft PSS has tools you can try.
>
> --Shawn
> This posting is provided "AS IS" with no warranties and confers no rights.
>
>
>
> "Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
> news:euJMjWyzDHA.2148@TK2MSFTNGP12.phx.gbl...
> > The outlook isn't good... but the best article on the subject is at
> > www.beginningtoseethelight.org  Calling Microsoft using the phone
numbers
> at
> > www.microsoft.com/support might help [think it's around $290]
> >
> >
> > "OutlookSucks" <outlook@sucks.biz> wrote in message
> > news:UxlIb.710$nK2.590@nwrddc01.gnilink.net...
> > > Normally I find most answers on the WEB ... newsgroups always seem to
be
> > in
> > > such CHAOS it is almost impossible to follow threads - but here I am,
> the
> > > whipped dog ... caving.  So here goes ... really need help w/this one.
> > >
> > > Here's the situation I'm in ... small home office ... Windows 2000,
SP2,
> > > updated to SP4 ... networked to NT server 4.0 (sp6a) domain
controller.
> > > Accidentally compressing a folder ... encryption was selected instead
> > > <distracted> .  2 drives "C:" and "D:"  email was stored on "D:" so
the
> > > encrypted files are intact, not accessible.  Before realizing EFS had
> hold
> > > of the folder, "C:" disk was reformatted with NTFS to reinstall win2K
> > > [OS/PROG difficulties] and apparently lost private/public keys for EFS
> to
> > > decrypt the files.  Doing some reading ... Win2K RK to the rescue.
> > > EFSINFO.EXE recovered thumbprints.  True, security is always an issue.
> In
> > > this instance, it would be nice 2 stuff the thumbprint into the
current
> > > certificate as the local or domain administrator to recover data.  Our
> > data
> > > isn't of national security - ask my other half and she'd SWEAR it was
as
> > her
> > > email & address books are inaccessable.
> > >
> > > <sample recovered info>
> > > mailbox.pst: Encrypted
> > > <Local User>
> > >   Users who can decrypt:
> > >     PAKRATS.NET\deb (CN=deb,L=EFS,OU=EFS File Encryption Certificate)
> > >     Certificate thumbprint: 1F2B 647D 4F2A FFCE 7350 6265 27DD BBE4
91BF
> > > E225
> > >
> > > <Domain Admin> MYSELF
> > >   Recovery Agents:
> > >     PAKRATS.NET\ed (OU=EFS File Encryption Certificate, L=EFS, CN=ed)
> > >     Certificate thumbprint: 76FF 6958 F092 784D B916 41F0 BFDB C72D
8849
> > > 1A33
> > >
> > > Although listed as the RA, I constantly get "access denied" when
> > attempting
> > > to decrypt via Windows Explorer and DOS window using cipher.exe.
> Checked
> > > the ownership & access properties, all OK.  WWW search for info, tips
&
> > > tricks lead to some info.  Followed some other directions to discover
> > keys,
> > > certs and whatever else to decrypt the files.  I seem to recall the
SAM
> > > changes during every installation <for obvious reasons> there is a
> > > possibility recovery is not possible.  CAVE DWELLING seems to be a
> > > reasonable resort 'cuz the other half is on the warpath!
> > >
> > > Testing an EFS after market tool to see if it was in fact legit in
it's
> > > claims to recover EFS files said it could repair the file - trial
> version
> > > returns 512 bytes of the file ... of which was garbage as it was
> compared
> > to
> > > another MAILBOX.PST.  We have never had reason to use EFS before, so
> this
> > is
> > > an entirely new situation.  Reading the security stuff posted here
> > revealed
> > > just about all the same info I have found on the WWW with some
> distressing
> > > info relating to NON RECOVERABLE.
> > >
> > > There are a total of 4 files I need to recover of the most important
is
> > > mailbox.pst.  ASAP.  MMMMMMM - any thoughts on this?
> > >
> > > Best of luck,
> > > Dog House Dwelling,
> > > bread and water only,
> > > Ed aka General Crazy
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Burn to Death
    ... You would be hard pressed to find an MVP who hasn't talked to PSS at ... recovery testing scenarios. ... to recover the death DCs the tape is 1 week old. ... DC1 - Domain Controller and Exchange Server - and DFS. ...
    (microsoft.public.exchange.admin)
  • RE: Trend Removed the priv1.stm file, exchange is not working!
    ... Restore Exchange Mailbox Store from tape ... I strongly recommend you to contact PSS if you want to soft recovery the ... >a suspect files folder. ...
    (microsoft.public.windows.server.sbs)