Re: EFS private key on slaved drive
From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 03/15/04
- Next message: Drew Cooper [MSFT]: "Re: delete folders using cmd prompt..."
- Previous message: Fritz: "Re: Which Secuity Updates should one install?"
- In reply to: Jeremy Rabalais: "Re: EFS private key on slaved drive"
- Next in thread: DeFace: "Re: EFS private key on slaved drive"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Mar 2004 13:11:32 -0800
XP RTM will be able to unlock an XPSP1 file's symmetric key, but won't
understand the original symmetric algorithm. If that were the case for you,
you could "decrypt", but you'd see garbage.
The way this works is that there are a series of keys, one encrypting the
next, until finally there is the symmetric key to encrypt a given file. A
encrypts B encrypts C encrypts D etc.
Form what you wrote, I suspect that you have something more like A encrypts
B encrypts C encrypts A - sounds like there's been a cycle introduced. If
so, Elcomsoft (or Microsoft Support or anyone else) won't be able to help
you.
We don't recommend encrypting the "Application Data" folder. Its files have
the system attribute by default, which would normally block EFS from
encrypting them.
Making a folder "private" does not encrypt it. Are you sure the files are
encrypted?
-- Drew Cooper [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. "Jeremy Rabalais" <jrabalai@hotmail.com> wrote in message news:bde001c40862$73ac85c0$a301280a@phx.gbl... > I looked at the link and it states "you will need a user > account of the same user and machine number as the > orginal. check this orginal folder name: c:\documents and > settings\%username%\application > data\microsoft\crypto\rsa\s-1-5-21-1078081533-1606980848- > 854245398-1003". I can't access this as the %username% > folder is what's encrypted. Also, the original drive has > XP service pack 1 installed, but the one I'm booting off > of doesn't have any service packs on it. Could this be > the reason ELCOMSOFT's software would not decrypt the > private key even with the password supplied. Thanks a > bunch for helping out, I don't know what else to do at > this point. > > On another note, I never explicitly encrypted the folder, > I just checked off the checkbox in XP to make the folder > private from other users. Doesn't anyone think that > Windows should at least warn you when it's doing this so > you can know to backup your private key? > > > >-----Original Message----- > >Jeremy wrote: > > > >> I have an ecrypted "My Documents" folder on an > unbootable > >> drive. The profile still lies on the drive someplace > and > >> I know the account's password. I have the drive slaved. > >> I have tried using ELCOMSOFT's Advanced EFS Data > Recovery > >> software and I gave it the username and password of the > >> profile. It finds the private key but is still unable > to > >> decrypt. The slaved drive was running WinXP with all > >> latest updates on it. What can I do to rectrieve the > >> ecrypted folder from this drive? > > > >Hi > > > >You could see if the content in this link could help you: > > > >http://www.beginningtoseethelight.org/efsrecovery/ > > > > > >-- > >torgeir > >Microsoft MVP Scripting and WMI, Porsgrunn Norway > >Administration scripting examples and an ONLINE version > of the 1328 page > >Scripting Guide: > >http://www.microsoft.com/technet/community/scriptcenter/d > efault.mspx > > > > > >. > >
- Next message: Drew Cooper [MSFT]: "Re: delete folders using cmd prompt..."
- Previous message: Fritz: "Re: Which Secuity Updates should one install?"
- In reply to: Jeremy Rabalais: "Re: EFS private key on slaved drive"
- Next in thread: DeFace: "Re: EFS private key on slaved drive"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
