Re: Cannot open encrypted files

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/01/05


Date: Mon, 31 Jan 2005 20:51:46 -0600

The private key used to decrypt EFS files is stored in the user's profile
and there may be a Recovery Agent depending on the operating system. Windows
2000 clients require a Recovery Agent which can also decrypt the EFS files.
The RA for a domain by default is the built-in administrator account and the
RA key probably would be on the first domain controller in the domain -
usually the PDC FSMO. You can use the efsinfo utility to find the Recovery Agent
for an EFS file.

Your options would be to use the Recovery Agent to decrypt the files, use
the user's private key if it had been exported to a password-protected .pfx
file, or restore the user's/Recovery Agent's profile from a backup if the
backup contains the user's profile. To use a RA you can back up and restore
the EFS files to the RA's workstation or install the RA's
certificate/private key via a .pfx file on the computer where the EFS files
are. If you did a new install of the domain controller versus a restore from
a System State backup, you may need a tool from Microsoft support [not free]
or a third-party recovery tool [not free] to attempt to recover the files,
assuming there is access to the user's profile. The links below may
help. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
http://www.elcomsoft.com/aefsdr.html

"MCage" <MCage@discussions.microsoft.com> wrote in message
news:3439C2AE-61E0-4CAF-9A9B-970686D65FA6@microsoft.com...
> Hi all,
> I have an HP server with a Win2000 domain controller and 10 clients. My problem
> is one of these clients has encrypted files (large documents, mail, photos);
> all of a sudden the DC crashed (SW issue), so I did a new installation of the DC
> and ISA and Exchange in another directory... But still I can't access the
> encrypted files.
> How to solve such a problem???
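The recovery-agent route Steve describes (find out which keys a file lists, bring the RA's exported .pfx onto the box that holds the files, decrypt, then check) as an added PowerShell example. This is not code from the original thread or from Microsoft; it assumes a current Windows host (PowerShell 3 or later) rather than the Windows 2000 box in the question, an RA export at C:\recovery\ra.pfx and the encrypted data under D:\Data. Both paths, the password prompt and the function names are illustrative.

```powershell
# Added example, not part of the original post. Recover EFS files using a
# Recovery Agent's password-protected .pfx export.
# Assumptions (not from the thread): PowerShell 3+, RA export at
# C:\recovery\ra.pfx, encrypted files under D:\Data.
param(
    [string]$Root    = 'D:\Data',            # assumed location of the EFS files
    [string]$PfxPath = 'C:\recovery\ra.pfx'  # assumed RA certificate + private key
)

Add-Type -AssemblyName System.Security

# 1. Enumerate files that still carry the EFS attribute.
function Get-EfsFile([string]$Path) {
    Get-ChildItem -Path $Path -Recurse -File -Force |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted }
}

# 2. Show which certificates (the encrypting user and every Recovery Agent)
#    can open the file. "cipher /c" is XP/2003 and later; on Windows 2000 the
#    equivalent is the Resource Kit's "efsinfo /u /r <file>" from the post.
function Show-EfsHolders([string]$File) {
    & cipher.exe /c $File
}

# 3. Import the RA's private key into the current user's personal store so this
#    logon owns one of the keys named in the file's recovery field.
function Import-RecoveryAgentKey([string]$Pfx) {
    $pw    = Read-Host -Prompt 'PFX password' -AsSecureString
    $flags = [Security.Cryptography.X509Certificates.X509KeyStorageFlags]
    $cert  = New-Object Security.Cryptography.X509Certificates.X509Certificate2(
                 $Pfx, $pw, ($flags::UserKeySet -bor $flags::PersistKeySet))
    if (-not $cert.HasPrivateKey) {
        throw "$Pfx holds no private key; a certificate alone cannot decrypt"
    }
    $store = New-Object Security.Cryptography.X509Certificates.X509Store('My', 'CurrentUser')
    $store.Open('ReadWrite'); $store.Add($cert); $store.Close()
    Write-Host "Imported $($cert.Subject) (thumbprint $($cert.Thumbprint))"
    return $cert
}

# 4. Decrypt in place. An access-denied here means no usable key in this
#    profile, i.e. neither the user's key nor a listed RA key is present.
function Unprotect-EfsFile([string]$File) {
    try {
        [IO.File]::Decrypt($File)
        $still = (Get-Item -Force $File).Attributes -band [IO.FileAttributes]::Encrypted
        if ($still) { throw 'EFS attribute still set after Decrypt()' }
        [pscustomobject]@{ File = $File; Status = 'decrypted' }
    } catch {
        [pscustomobject]@{ File = $File; Status = "failed: $($_.Exception.Message)" }
    }
}

# 5. Take the RA certificate out of this profile again once recovery is done.
function Remove-RecoveryAgentKey($Cert) {
    $store = New-Object Security.Cryptography.X509Certificates.X509Store('My', 'CurrentUser')
    $store.Open('ReadWrite'); $store.Remove($Cert); $store.Close()
}

$files = @(Get-EfsFile $Root)
Write-Host "$($files.Count) encrypted file(s) under $Root"
if ($files.Count -gt 0) { Show-EfsHolders $files[0].FullName }   # confirm the RA is listed first
$ra = Import-RecoveryAgentKey $PfxPath
$files | ForEach-Object { Unprotect-EfsFile $_.FullName } | Format-Table -AutoSize
Remove-RecoveryAgentKey $ra
```

Two caveats a practitioner should keep in mind. First, the files must reach the machine with their EFS metadata intact: a plain copy to a non-NTFS or remote location either fails or silently drops the recovery field, which is why the post suggests backup/restore (ntbackup on that era's systems) when moving files to the RA's workstation. Second, importing the RA key onto a workstation lets anyone who controls that profile decrypt every file that lists that RA, so remove the certificate afterwards as the last step does, and treat the .pfx and its password as you would a domain administrator's credential.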


