Re: decrypting a file question

From: douglas martin (dsmrtn-supt_at_pacbell.net)
Date: 06/01/05


Date: Tue, 31 May 2005 16:42:00 -0700

I seem to have all profiles. I didn't reinstall anything. I just demoted
my PDC to a member server and then joined my new domain.

I'll look into your suggestions and links. I only have 1 small file
needing decryption.

regards,

doug

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:#snqOEVZFHA.3364@TK2MSFTNGP09.phx.gbl...
> EFS has a way of biting people when it comes to accessing their own files.
> The EFS "private" key that is used to decrypt files is stored in the user
> profile of the user account that encrypted the file and the Recovery Agent
> profile that was in effect at the time that the files were encrypted.
> Windows 2000 requires a Recovery Agent which can be the built in local
> administrator account for the local computer or the built in administrator
> account for the domain. For a domain the built in administrator account EFS
> recovery certificate would probably be on the first domain controller for
> the domain.
>
> I am not sure exactly all what you reconfigured but that may help give you
> somewhere to look. You can use the tool efsinfo to find the user and RA's
> that can decrypt a file and the thumbprint info for the certificates that
> will be helpful in tracking them down if they exist. The mmc snapin for
> certificates for user can be used to view the certificates on a computer for
> a user in the personal/certificates folder. The EFS or Recovery Agent
> certificate needs to show that "you have the private key that corresponds
> with this certificate" on the general page of the certificate in order to be
> able to decrypt the EFS certificate. If you find a Recovery Agent you can
> either backup/restore the EFS files to the computer where the RA lives or
> export the RA certificate AND private key to a password protected .pfx file
> to import to the computer where the EFS files are.
>
> Normally users have problems when they reinstall the operating system as
> profiles can be erased or associated with the wrong computer operating
> system ID. If you have a backup of the users profiles that encrypted the
> files you probably still have a copy of the EFS private key though it can
> not be restored via normal means. If that is the case and you know the user
> password then you may be able to recover the EFS files with the help of
> Microsoft support [around $245] or the use of a program such as the one from
> Elcomsoft that sells for $99. Elcomsoft does have a free trial download that
> you can use but it will only recover very small files, but it should let you
> know if the private keys are found or not. The first link below is to
> Elcomsoft and the other two may provide info to lead you to a solution. ---
> Steve
>
> http://www.elcomsoft.com/aefsdr.html
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q223316 --- EFS
> best practices.
> http://support.microsoft.com/default.aspx?scid=kb;en-us;259732&sd=tech ---
> info on Recovery Agent
>
> "douglas martin" <dsmrtn-supt@pacbell.net> wrote in message
> news:Oj7VQLTZFHA.4088@TK2MSFTNGP15.phx.gbl...
> > I'm guessing I'm "sol" here but I just have to ask.
> >
> > A long while back I selected a folder to encrypt using the checkbox on the
> > folder's properties box in the advanced form. It worked just fine. I never
> > did do anything about creating any certificates or agents or anything as
> > backup. I'm just an applications guy who needs a lan setup to do what I do,
> > so I learned enough AD, DNS, Exchange and so forth to make it all more or
> > less work. I do backups fairly well, and my system seems safe enough.
> >
> > Recently I upgraded my W2K PDC to be a W2K3 SBS PDC. I ran DCPROMO a little
> > prematurely (in hindsight), and I neglected to remove the encryption
> > settings on this folder. This server is now just a member server in my new
> > LAN with a new PDC.
> >
> > My files and such are all still there. And I can get to all of them, just
> > can't access the encrypted ones.
> >
> > Is there an administrative "backdoor" that will gain me access?
> >
> > regards,
> >
> > doug
> >
> >
>
>
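The recovery walk-through Steve gives above (find who can decrypt the file, check that the matching private key is actually present, then move a Recovery Agent key to the machine holding the files as a password-protected .pfx) can be scripted. The PowerShell below is an added example, not part of the thread or of any Microsoft tool. It assumes the placeholder paths $EncryptedFile and $PfxPath, and it substitutes cipher.exe /C (Vista and later) for the efsinfo.exe Resource Kit tool Steve names, which is not present on a current Windows build; the certificate store cmdlets need Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the thread): walk an EFS recovery the way the
# reply describes, using tools that exist on current Windows.
# Assumptions: $EncryptedFile and $PfxPath are placeholder paths;
# cipher.exe /C stands in for the Windows 2000 Resource Kit efsinfo.exe.

$EncryptedFile = 'D:\Data\secret.docx'   # assumed path to the locked file
$PfxPath       = 'E:\ra-key.pfx'          # assumed path for the exported RA key

# 1. Confirm the file really carries the Encrypted attribute before digging further.
$attrs = (Get-Item -LiteralPath $EncryptedFile).Attributes
if (-not ($attrs -band [IO.FileAttributes]::Encrypted)) {
    throw "$EncryptedFile is not EFS-encrypted; the problem is somewhere else"
}

# 2. List the users and recovery agents whose certificates can decrypt it.
#    cipher /C prints 'Users who can decrypt:' and 'Recovery Certificates:'
#    sections, each entry followed by a 'Certificate thumbprint:' line.
$info = cipher.exe /C $EncryptedFile
$info

# Pull every SHA-1 thumbprint out of the output (40 hex digits, printed in
# groups of four) and normalise to the spaceless form the Cert: drive uses.
$thumbprints = [regex]::Matches(($info -join "`n"), '[0-9A-F]{4}(\s?[0-9A-F]{4}){9}') |
    ForEach-Object { ($_.Value -replace '\s', '').ToUpperInvariant() } |
    Sort-Object -Unique

# 3. For each thumbprint, look in the current user's Personal store and say
#    whether the private key is there. This is the same test as the
#    "You have a private key that corresponds to this certificate" line on
#    the General tab of the certificates snap-in: no private key, no decrypt.
foreach ($tp in $thumbprints) {
    $cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $tp }
    if (-not $cert) {
        '{0}: not in CurrentUser\My for this account on this machine' -f $tp
    } elseif ($cert.HasPrivateKey) {
        '{0}: present WITH private key ({1})' -f $tp, $cert.Subject
    } else {
        '{0}: certificate present but private key MISSING ({1})' -f $tp, $cert.Subject
    }
}

# 4. On the machine where the Recovery Agent account lives, export that
#    certificate AND its private key to a password-protected PFX. The File
#    Recovery EKU (OID 1.3.6.1.4.1.311.10.3.4.1) marks an RA certificate;
#    plain user EFS certificates carry 1.3.6.1.4.1.311.10.3.4 instead.
$raCert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.4.1.311.10.3.4.1'
    } |
    Select-Object -First 1

if ($raCert) {
    $pw = Read-Host -AsSecureString 'Password to protect the exported RA key'
    Export-PfxCertificate -Cert $raCert -FilePath $PfxPath -Password $pw | Out-Null
    "Exported RA certificate $($raCert.Thumbprint) to $PfxPath"
    # Copy $PfxPath to the computer that holds the files, log on there as the
    # account that needs access, and import it into that account's store:
    #   Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\CurrentUser\My -Password $pw
    # Then either open the file normally or clear the attribute for good:
    #   cipher.exe /D $EncryptedFile
} else {
    'No Recovery Agent certificate with a private key in CurrentUser\My here.'
}
```

Run step 4's export half on the box where the RA account still has its profile (for a Windows 2000 domain, most likely the first domain controller, as the reply says) and the import half on the member server that holds the files. Delete the .pfx from any shared location once the import succeeds; anyone who obtains it and the password becomes a recovery agent for every file that RA covers.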