Re: Cannot get EFS recovery agent function to work!

From: kgstrong (kgstrong_at_hotmail.com)
Date: 03/27/05

    Date: Sat, 26 Mar 2005 16:12:21 -0800
    
    

    I did reinstall Win2k from scratch a while back; then restored the rest
    of my files from a backup. The certificate that the files were
    encrypted with no longer exists on my system.

    However, I was able to decrypt the files using a program called Advanced
    EFS Data Recovery ($99) from elcomsoft.com. All-in-all an expensive
    lesson in what NOT to do.

    Thanks for the help.
    Ken Strong

    Steven L Umbach wrote:
    > Yes, the thumbprints need to match for either the user or Recovery Agent. If
    > you have a stand alone computer and the RA is the built in administrator
    > account [which it would be by default] then logon as that account and try to
    > decrypt the files. The utility efsinfo can display information on the
    > recovery agent. You can use the certificates mmc snapin for user to view
    > certificate information and the certificate will need to show that it has
    > the matching private key for the certificate. If you reinstalled the
    > operating system [other than an upgrade install] at some point the original
    > user and RA certificate/private key would have been destroyed. The EFS
    > certificate and private key for a user/RA are stored in the user's/RA's
    > profile folder. --- Steve
    >
    > http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS best
    > practices
    >
    > "kgstrong" <kgstrong@hotmail.com> wrote in message
    > news:OnbX28sLFHA.2988@TK2MSFTNGP14.phx.gbl...
    >
    >>I'm new to Windows 2000, running Win2k Pro on a stand-alone machine. I
    >>encrypted some files before I knew anything about EFS - now a program that
    >>uses some of the files cannot access them. The files were encrypted under
    >>my "power user" account. The certificate that Win2k used to encrypt them
    >>is enabled for "All Purposes" including Encrypted File System, and File
    >>Recovery. As Administrator, I cannot import this certificate for the
    >>Recovery Agent - says it is not enabled for file recovery.
    >>
    >>My Recovery Agent certificate (issued by Administrator to Administrator),
    >>has a different thumbprint and is for File Recovery only.
    >>
    >>Does EFS recovery agent's certificate thumbprint have to match the
    >>certificate the files were encrypted with in order to recover these files?
    >>
    >>Ken
    >
    >
    >
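The check described in the quoted reply (matching thumbprint plus a present private key), sketched as an added example that is not part of the original thread. It assumes a Windows version with PowerShell, which Windows 2000 predates, and that it is run while logged on as the account expected to decrypt; `$FileThumbprint` is a hypothetical parameter holding the thumbprint reported for the encrypted file.

```powershell
# Added example, not from the thread. Checks whether the current user's
# Personal store holds the certificate AND private key for a given thumbprint.
param(
    [Parameter(Mandatory = $true)]
    [string]$FileThumbprint   # as printed for the encrypted file, spaces allowed
)

$EfsOid      = '1.3.6.1.4.1.311.10.3.4'     # Encrypting File System EKU
$RecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # File Recovery EKU

# Tools print thumbprints with spaces; the store keeps bare upper-case hex.
$wanted = ($FileThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$report = foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
    # Collect the OIDs listed in the Enhanced Key Usage extension, if any.
    $ekus = @(
        $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
    )
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ListsEfs      = $ekus -contains $EfsOid
        ListsRecovery = $ekus -contains $RecoveryOid
        MatchesFile   = $cert.Thumbprint -eq $wanted
    }
}

$report | Format-Table -AutoSize

# A thumbprint match alone is not enough: the private key must be in the profile.
$matching = @($report | Where-Object { $_.MatchesFile })
$usable   = @($matching | Where-Object { $_.HasPrivateKey })
if ($usable.Count -gt 0) {
    'Matching certificate with private key found: this account can decrypt.'
} elseif ($matching.Count -gt 0) {
    'Certificate matches but its private key is missing: decryption will fail.'
} else {
    'No certificate with this thumbprint exists in this profile.'
}
```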

