Re: NT profile corrupt, now EFS files lost?

From: Steven Umbach (n9rou_at_n0spam-comcast.net)
Date: 02/24/05

• Next message: Steven Umbach: "Re: prevent remote desktop connections"
• Previous message: Steven Umbach: "Re: Hotfix Removal"
• In reply to: Tim166: "NT profile corrupt, now EFS files lost?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 23 Feb 2005 22:58:01 -0600

In Windows 2000 non domain computer the built in administrator account is the
EFS Recovery Agent. Try logging on as the built in administrator to see if you
can access the files. The EFS private keys used to decrypt EFS files are kept in
the user's profile. I don't know what you mean by rebuilding the account but if
the original profile still exists or you have a backup that includes the EFS
private key you still may be able to decrypt the files though you would probably
need the help of Microsoft support or a not for free third party tool such as
the one from Elcomsoft. Their trial version could find if the key exists but the
trial version will only recover very small files. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- info on and
best practices for EFS

"Tim166" <Tim166@discussions.microsoft.com> wrote in message
news:12909823-B8FF-4223-89CB-3C01DF7442EF@microsoft.com...
> My NT profile blew up on me yesterday and without me knowing it, My Documents
> were all encrypted. I rebuilt that original account, but it will not decrypt
> or access those files. I did a "cipher /k" command just to see and it came
> back saying something like "I/O in use" and would not generate a new key. So
> that account apparently can not generate a key and therefore can not decrypt
> those files no matter what. Is there something that I can do here?

• Next message: Steven Umbach: "Re: prevent remote desktop connections"
• Previous message: Steven Umbach: "Re: Hotfix Removal"
• In reply to: Tim166: "NT profile corrupt, now EFS files lost?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: EFS encrypt files: Changed PW now cant access... :-( ... and accidentally used XPpro's EFS. ... account and changed the password for the account they couldn't figure ... supposed to be able to find EFS keys and or use SYS-startup keys, ... master keys and was unable to attempt to decrypt the files etc. ... (microsoft.public.windowsxp.security_admin) Re: EFS encrypt files: Changed PW now cant access... :-( ... .xls files and accidentally used XPpro's EFS. ... account they couldn't figure out. ... SYS-startup keys, provided that you have the original ... decrypt the files etc. ... (microsoft.public.windowsxp.security_admin) Re: EFS Certs in AD or local PC? ... If his profile is in AD and we import his cert, will he be able to decrypt ... The users EFS private key is stored in the user's profile but not in a way ... If there are no correct EFS private keys [user ... configured then the RA [usually built in domain administrator account] ... (microsoft.public.windows.server.sbs) Re: decrypt files after lost pub/priv keys - possible? ... Drive C that contained your operating system and user profiles also contained the EFS ... private keys needed to decrypt those files. ... users and recovery agent's profiles and unless you ... (microsoft.public.win2000.security) Re: EFS Certs in AD or local PC? ... import it into his user account profile and use it. ... The public key certificate is used to encrypt the EFS files. ... The users EFS private key is stored in the user's profile but not in a ... computer other than the original OS] that can possibly decrypt EFS files ... (microsoft.public.windows.server.sbs)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint