Re: WIN2000 Encrypted Folders & Administrator Profile

From: Bevan (anonymous_at_discussions.microsoft.com)
Date: 07/11/04 

Date: Sun, 11 Jul 2004 14:38:53 -0700

Steven & Torgeir,

Many thanks for your invaluable help.

I tried the manual approach & found there were a couple of
pieces missing and so decided to go the Elcomsoft route
which gave me the results I was looking for.

Best Regards,
Bevan

>-----Original Message-----
>Steven L Umbach wrote:
>
>> If you know the password to the old administrator
account and have the old profile
>> you may be able to recover the EFS files. The EFS
private keys used are stored in the
>> profile of the user and Recovery Agent for those files.
There is no easy way however
>> after a reinstall, without exported private keys to
import. Microsoft may be able to
>> help with a paid support call or try one of the EFS
recovery programs such as the
>> one from ElcomSoft which has a free download that will
at least tell you if it can
>> find the keys associated with the files before you
spend the $99. The program will
>> look for the EFS private keys and then you need to
enter the password that the user
>> used for that account. If your computer was a member of
a domain, a domain
>> administrator may be a recovery agent. Efsinfo can be
helpful in determining who can
>> decrypt EFS files --- Steve
>>
>>
http://www.fileboost.net/directory/utilities/encryption/009
693_advanced_efs_data_recovery_review.html
>Hi
>
>If you have access to the user profile folders for the
user that
>encrypted the files and if you remember the password for
the user
>that encrypted the data, you might be able to save the
files
>without paying for a program or support call.
>
>Take a look at this site for more details:
>
>http://www.beginningtoseethelight.org/efsrecovery/
>
>
>--
>torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
>Administration scripting examples and an ONLINE version of
>the 1328 page Scripting Guide:
>http://www.microsoft.com/technet/community/scriptcenter/de
fault.mspx
>.
>

Relevant Pages

  • Re: Does W2K hold users email, EFS etc private key securely ?
    ... the location of private keys doesn't depend on how the Encrypted Data ... the file encryption key is not the public key. ... It is the FEK that is encrypted using the user's EFS public key, ... protect your EFS keys by limiting the success of password guessing or theft. ...
    (Focus-Microsoft)
  • Re: EFS & decrypting/deleting decrypted files
    ... no EFS private key exists because it can not be done. ... AES 256 encryption algorithm which is extremely strong encryption. ... Directory domain it is also possible to archive EFS private keys. ... If any of you MVP's don't want to dish the shit on removing the f-n' ...
    (microsoft.public.windowsxp.security_admin)
  • Re: efs and "encryption" overall... help?
    ... Private key is encrypted in user's profile. ... to private keys that will decrypt the files. ... Even if you backup the files on NTFS (EFS only works on NTFS) and restore ... Encrypting File System in Windows XP and Windows Server 2003 ...
    (microsoft.public.windows.server.networking)
  • Re: EFS on shared file server
    ... I need to use EFS on a shared folder of my file server. ... For grant access to many people to the file in folder I have created many EFS Recovery Agent. ... Is possible store the User Certificate for EFS on AD so if one user logon on different computer can always access encrypeted file? ...
    (microsoft.public.windows.server.security)
  • Re: Password question
    ... This change [versus W2K EFS] was done to improve confidentiality of EFS encrypted ... In W2K a recovery agent was required for EFS while it is not in XP Pro. ... are followed including encrypting only folders and may include the use of cipher /w ... > To avoid such data loss, do not reset a user's password. ...
    (microsoft.public.cert.exam.mcse)