Re: Installation & Encryption Nightmare

From: Bruce Chambers (bchambers@nospam.cableone.net)
Date: 02/08/03 

From: "Bruce Chambers" <bchambers@nospam.cableone.net>
Date: Sat, 8 Feb 2003 10:42:19 -0700

Greetings --

    If the user's encryption certificates and keys were not backed up
before the reinstallation, and the workstation isn't part of a domain,
those file are gone. Encryption works well and there is no "back
door." (Wouldn't be much point to EFS if it were vulnerable.)

Bruce Chambers
Microsoft MVP - Shell/User
http://dts-l.org/goodpost.htm 

----
You can have peace.  Or you can have freedom.  Don't ever count on 
having both at once. -- RAH
"Mark & Dominique" <wastingmy@yahoo.com> wrote in message 
news:006f01c2cf97$670271e0$d4f82ecf@TK2MSFTNGXA11...
> First, I apologize for anything extraneous or irrelevant,
> but I
>
> don't know the different between irrelevant details and
> crucial
>
> ones, so I'm just telling it all, and apologizing in
> advance.
>
> STARTED WITH: XP PRO installation (in Dec 2001) from the
> MSDN
>
> installed on a year-old AMD Athlon 1800.
>
> FAILED SP1: It didn't like the Security Key and refused to
> allow
>
> SP1 to install, so we went out and bought a new copy of XP
> PRO
>
> OEM.
>
> SEEMED LIKE A GOOD IDEA AT THE TIME: Last summer. we
> encrypted
>
> the "Documents and Settings" folder as a safeguard in case
> the
>
> computer was ever stolen. There were two user accounts:
> Mark and
>
> Dominique. The files were encrypted from the Mark account,
>
> although both accounts are administrators.
>
> THE STUPIDITY: We didn't make security key certificate -- 
> never
>
> dreamed anything could happen to make the accounts just
>
> "disappear".
>
> WHAT WENT WRONG: An "upgrade" to a new version of XP Pro
> OEM SP1
>
> was attempted in the C:\WINDOWS directory and became
> botched
>
> after the blue installation screen claimed it couldn't
> copy
>
> several dozen files from the CD.
>
> Quitting the installation several times and trying it on a
>
> second PC worked fine, so it wasn't the CD. There seemed
> no
>
> option but to skip the files it couldn't read and continue.
>
> AND NOW: When trying to boot normally, we get an error
> that says
>
> something about the Product Key cannot be verified. We are
> only
>
> able to boot into C:\WINDOWS Safe Mode, and only able to
> login
>
> as the Admin using the old password (so this must still be
> the
>
> original Admin acct). The two accounts (Mark and
> Dominique) are
>
> now "missing" from the XP login screen -- but if we could
> get
>
> those accounts "back" and log into them, then the files
> could be
>
> unencryped, a security key certificate generated, or the
> folder
>
> itself unencrypted.
>
> POSSIBLITY:Prior to doing anything on C:\WINDOWS, we
> exported
>
> the entire registry to a file called registry.reg (79MB).
> We
>
> still have that. Could the Mark and Dom accounts be in
> there
>
> somewhere and importable?
>
> THINGS WE TRIED:
>
> 1) From C:\WINDOWS Safe Mode, importing the registry.reg
> file
>
> didn't work and prevented even Safe Mode from working.
> Copying
>
> files (like "security" and "software") from
> C:\WINDOWS\REPAIR to
>
> C:\WINDOWS\SYSTEM32\CONFIG allowed access to Safe Mode
> again.
>
> 2) Looked for a "Restore Point" when in Safe Mode but
> there
>
> didn't seem to be any.
>
> 3) Tried "Last Known Good Configuaration".
>
> 4) NTFSDOS from Winternals said the files weren't there
> when
>
> trying to see them from a command prompt under NTFS DOS.
>
> 5) As Administrator, tried to create a recovery agent or
> export a security key certificate. While it did create
> one, it didn't seem to work when logged onto D:\WINDOWS
> (do you have to be logged into a regular acct. on the
> C:\WINDOWS directory for this to work?)
>
> WHAT WE WANT:
> A) To recover the user account (Mark) and unencrypt the
> files.
>
> OR
>
> B) As Administrator of C:\WINDOWS, to create a usable
> recovery agent or export a security key certificate, and
> to know how/who to login as to get it to work (i.e., does
> it not work in Safe Mode? or not as Admin?)
>
> OR
>
> C) To get at the files any way possible and get them out
> of that
>
> encrypted folder.
>
> Thanks for any ideas you may have.
>
> Mark & Dominique, Idiots At Large (who know just enough to
> be truly dangerous)

Relevant Pages

  • Re: EFS - Encryption and User Migration
    ... > 4) SOURCE holds user accounts and groups ... > network login script depending upon their logonserver. ... create a dummy user, setup the encryption, migrate the account to the other ... > and encrypted data, we have no real way of knowing this. ...
    (microsoft.public.windows.server.general)
  • Re: EFS - Encryption and User Migration
    ... > 4) SOURCE holds user accounts and groups ... > network login script depending upon their logonserver. ... create a dummy user, setup the encryption, migrate the account to the other ... > and encrypted data, we have no real way of knowing this. ...
    (microsoft.public.windows.server.migration)
  • Re: EFS - Encryption and User Migration
    ... > 4) SOURCE holds user accounts and groups ... > network login script depending upon their logonserver. ... create a dummy user, setup the encryption, migrate the account to the other ... > and encrypted data, we have no real way of knowing this. ...
    (microsoft.public.windows.server.security)
  • Re: Users Are Gone, Cant Login
    ... I did not have early restore points to choose from. ... disk and go from there. ... Using your arrow keys, select "Safe Mode" ... > system with similar user accounts installed on it. ...
    (microsoft.public.windowsxp.general)
  • Re: Help - At the Windows XP Login there are no user accounts to c
    ... I tried going into safe mode - but there are no user accounts listed, ... Forgotten your Windows XP Home password ... do/press the Ctrl-Alt-Del keys twice to display the ...
    (microsoft.public.windowsxp.general)