Re: Re: Re: EFS Issue

From: Mouse4440 (DoNotEmail_at_WindowsForumz.com)
Date: 04/29/05

Next message: Kerry Brown: "Re: EFS Issue"
Previous message: Orvs: "Event ID 538 and 540 : Security threat?"
In reply to: Kerry Brown: "Re: Re: EFS Issue"
Next in thread: Kerry Brown: "Re: EFS Issue"
Reply: Kerry Brown: "Re: EFS Issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 29 Apr 2005 11:24:52 -0500

"kerry15" wrote:
> "Mouse4440" <DoNotEmail@WindowsForumz.com> wrote in message
> news:3_1183971_590abcb1375a568d59e74bf288c16868@windowsforumz.com...
> > "Jupiter Jones MVP" wrote:
>  > > Was there a Designated Recovery Agent on the domain?
>  > > If not, the data is most likely gone for good.
>  > >
>  > > See the bottom of this page for ways to help prevent
> data loss
>  > > with EFS in
>  > > the future:
>  > > http://www3.telus.net/dandemar/encrypt.htm
>  > >
>  > > --
>  > > Jupiter Jones [MVP]
>  > > http://www3.telus.net/dandemar
>  > > In memory of our dear friend, MVP Alex Nichol
>  > > http://www.dts-l.org
>  > >
>  > >
>  > > "Mouse4440" <UseLinkToEmail@WindowsForumz.com>
> wrote in
>  > > message
>  > >
> news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
>   > > > Recently I used RIS (Remote Installation
> Service) to
>  > > reinstall a
>   > > > clients workstation because it had been
> upgraded and had
>  > > different
>   > > > versions of Office installed and just
> generally had issues,
>  > > but what I
>   > > > didn't know is that the user had Encrypted
> files on another
>  > > drive (USB
>   > > > External Hard Drive) so after I reinstalled
> the OS the
>  > > Computer
>   > > > account is not the same as before and he can
> no longer
>  > > access the
>   > > > files that were on the other drive. I have
> tried several of
>  > > the free
>   > > > downloadable recovery packages Advanced EFS
> recovery and
>  > > others but
>   > > > have had no luck, the recovery agent
> displays that no user
>  > > is able to
>   > > > decrypt the files and the user account has
> not changed
>  > > because the
>   > > > user is in a domain. I have tried logging in
> as local admin,
>  > > domain
>   > > > admin, but still no luck. anyone know of
> anything I can do.
>  > > and no
>   > > > the user didn't export the keys.
>   > > >
>   > > > --
>   > > > Posted using the
> http://www.windowsforumz.com interface, at author's
>   > > > request
>   > > > Articles individually checked for
> conformance to usenet
>  > > standards
>   > > > Topic URL:
>   > > >
> http://www.windowsforumz.com/Security-Admin-EFS-Issue-ftopict365344.html
>   > > > Visit Topic URL to contact author (reg.
> req'd). Report
>  > > abuse:
>   > > >
> http://www.windowsforumz.com/eform.php?p=1177687
> >
> > I’m not sure, I logged in as admin on the local machine and
> as the
> > domain admin and the windows recovery thing display no
> recovery agent
> > present. is this something that user had to setup or is an
> automatic
> > thing?
> >
>
> With XP you have to setup the recovery agent. Win2k worked
> differently. If
> he was logged on locally when he encrypted the files you are
> probably out of
> luck. If he was logged on as a domain user you will have to
> figure out if
> there is a recovery agent and who it is. Export the recovery
> key and import
> it on the machine with the files on it. You may also have to
> take ownership
> of the files on the USB drive first.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;887414
>
> http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp
>
> Kerry

He was a domain user but the key was on the system partition and the
data is on another drive, the system partition that had the keys was
deleted with the install of Win XP. I logged in as the user and the
recovery agent displays no recovery agent present, likewise for the
local admin and domain admin. I have not taken ownership though.
would I need to do that for the recovery agent.

Next message: Kerry Brown: "Re: EFS Issue"
Previous message: Orvs: "Event ID 538 and 540 : Security threat?"
In reply to: Kerry Brown: "Re: Re: EFS Issue"
Next in thread: Kerry Brown: "Re: EFS Issue"
Reply: Kerry Brown: "Re: EFS Issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Re: EFS Issue
... >> Was there a Designated Recovery Agent on the domain? ... I logged in as admin on the local machine and as the ... With XP you have to setup the recovery agent. ... If he was logged on as a domain user you will have to figure out if ...
(microsoft.public.windowsxp.security_admin)
Re: UNEncryped files
... Also, for XP Pro in a non-Domain environment, the "local admin" is not ... automatically designated a "recovery agent" (which was true un Win2k Pro), ... >> encrypted is thire any way to axcess them. ...
(microsoft.public.windowsxp.security_admin)
EFS
... I encrypted a file while the laptop was on ... so I assume local admin was the Recovery Agent. ... migrated to Active directory, which I guess makes Domain Admin the ...
(microsoft.public.win2000.security)
Re: EFS Issue
... Was there a Designated Recovery Agent on the domain? ... I have tried logging in as local admin, ... > admin, but still no luck. ... > Visit Topic URL to contact author (reg. ...
(microsoft.public.windowsxp.security_admin)
EFS on XP
... to create a DRA for a XP pro box in AD, ... Comming from a 2000 enviroment where local admin was ... able to make the make the XP admin the recovery agent. ...
(microsoft.public.windowsxp.security_admin)