Re: Recover Default EFS Security Certificate From Old Drive???
From: John (john_at_nospam.com)
Date: 03/17/05
- Next message: A: "Re: Elitum DyFuca n-Case"
- Previous message: Carey Frisch [MVP]: "Re: winlogon.exe --Norton reports Unauthorized access -- Why"
- In reply to: Torgeir Bakken \(MVP\): "Re: Recover Default EFS Security Certificate From Old Drive???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Mar 2005 18:33:19 -0600
"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:%23FRGrm%23JFHA.2796@tk2msftngp13.phx.gbl...
> John wrote:
>
>> I have a hard drive (w/ XP Pro SP2) that refused to boot into Windows
>> recently because the 'system' files became corrupted after I loaded the
>> new Norton 2005 AV. It would not boot to any restore points or any safe
>> modes - complained 'corrupted config/system file(s).'
>>
>> Anyway... I bought a new drive and loaded it with XP SP2 as well. I
>> assigned the old drive as a "slave" to the new one so I could recover
>> some critical
>> data files (which worked just fine). However, I had (1) folder that was
>> encrypted on the old drive and I never had assigned a system-wide EFS
>> Recovery Agent -
>> which means it used a default EFS certificate to encrypt the folder (I
>> assume). Of course I can not access that folder currently.
>>
>> Is there ANY way to get at that certificate from the old drive? I did NOT
>> reformat the old drive (I just reassigned it as a "slave" to the new
>> drive). The old
>> 'ownership' references still shows up since I have only changed ownership
>> on a few of the folders that I had to recover immediately. The encrypted
>> folder in question I have NOT taken ownership on (yet).
>>
>> Can any of you MVP gurus or XP experts give me a clue or some guidance on
>> how I might recover that old certificate (assuming it is possible)? Where
>> would that
>> default EFS certificate be stored on the old drive, and how could I
>> access it currently? Or is there a default Administrator Recovery Agent
>> certificate stored somewhere?
> Hi
>
> As you have access to the user profile folders for the user that
> encrypted the files and if you remember the password for the user
> that encrypted the data, you might be able to save the files.
>
> Take a look at this site for more details:
>
> http://www.beginningtoseethelight.org/efsrecovery/
Thanks Torgier - very good site. I have found the files in question in
Recovery console, but - so far - have not been able to get the key in
question to work on the new system. The thumbprint on the key I recovered
matches the encrypted folder I had, but I am having trouble getting the file
to export to the new system. I think portions of the user profile may have
been corrupted or lost - which is why the old drive would not boot to
windows in the first place. I have not tried the hex editor procedure yet -
will report back if that works.
THANKS very much for the great link.
John
- Next message: A: "Re: Elitum DyFuca n-Case"
- Previous message: Carey Frisch [MVP]: "Re: winlogon.exe --Norton reports Unauthorized access -- Why"
- In reply to: Torgeir Bakken \(MVP\): "Re: Recover Default EFS Security Certificate From Old Drive???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
