Re: EFS private key on slaved drive

From: Jeremy Rabalais (jrabalai_at_hotmail.com)
Date: 03/12/04 

Date: Fri, 12 Mar 2004 10:47:21 -0800

I looked at the link and it states "you will need a user
account of the same user and machine number as the
orginal. check this orginal folder name: c:\documents and
settings\%username%\application
data\microsoft\crypto\rsa\s-1-5-21-1078081533-1606980848-
854245398-1003". I can't access this as the %username%
folder is what's encrypted. Also, the original drive has
XP service pack 1 installed, but the one I'm booting off
of doesn't have any service packs on it. Could this be
the reason ELCOMSOFT's software would not decrypt the
private key even with the password supplied. Thanks a
bunch for helping out, I don't know what else to do at
this point.

On another note, I never explicitly encrypted the folder,
I just checked off the checkbox in XP to make the folder
private from other users. Doesn't anyone think that
Windows should at least warn you when it's doing this so
you can know to backup your private key?

>-----Original Message-----
>Jeremy wrote:
>
>> I have an ecrypted "My Documents" folder on an
unbootable
>> drive. The profile still lies on the drive someplace
and
>> I know the account's password. I have the drive slaved.
>> I have tried using ELCOMSOFT's Advanced EFS Data
Recovery
>> software and I gave it the username and password of the
>> profile. It finds the private key but is still unable
to
>> decrypt. The slaved drive was running WinXP with all
>> latest updates on it. What can I do to rectrieve the
>> ecrypted folder from this drive?
>
>Hi
>
>You could see if the content in this link could help you:
>
>http://www.beginningtoseethelight.org/efsrecovery/
>
>
>--
>torgeir
>Microsoft MVP Scripting and WMI, Porsgrunn Norway
>Administration scripting examples and an ONLINE version
of the 1328 page
>Scripting Guide:
>http://www.microsoft.com/technet/community/scriptcenter/d
efault.mspx
>
>
>.
>

Relevant Pages

  • RE: Huge folder - Application datamicrosoftcrypto samachine ke
    ... Whenever a certificate request is generated ... that every time this was done a new private key was created in the ... MachineKeys folder and the CA logged a failed certificate request. ... You definitely need to fix the time sync. ...
    (microsoft.public.windows.server.general)
  • Re: Encryption
    ... I tried all options when importing the key and still ... the case for your copied-to machine, but then that would break things.) ... The private key import for W2k I do not clearly recall at ... I encrypted a folder and copied it to another computer. ...
    (microsoft.public.win2000.security)
  • Re: Encryption
    ... Would it make a difference if I can't even open the folder? ... I tried all options when importing the key and still ... the case for your copied-to machine, but then that would break things.) ... The private key import for W2k I do not clearly recall at ...
    (microsoft.public.win2000.security)
  • Re: EFS / moving files
    ... encrypted folder, but still could not copy or open individual files. ... I surmised that perhaps this was an ownership issue, not an encryption ... volume (I do have the certificate and private key under which they ...
    (microsoft.public.windowsxp.security_admin)
  • Re: 0x8004011b when trying to download the address book.
    ... OABInteg-Admin_04:43:16 PM profile was created in the Windows Messaging Subsystem on CORP-EXCH-1. ... Message Class Differential found: 8 ... Starting Test 9 - OAB System Folder Check ...
    (microsoft.public.exchange.clients)