Re: Encrypted Files from a formatted drive

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/01/05


Date: Mon, 31 Oct 2005 18:27:02 -0600

Without an RA the only way would be if the user that created the EFS files
had exported their EFS certificate/private key to a password protected .pfx
file for safekeeping for an event like this. Also if there is a copy of the
user's profile somewhere in a backup there also may be a way to extract the
user's private key from it but my guess is there is not from your
description of the scenario. There is no backdoor way to access EFS files.
If there is no user or RA private key available then the files are forever
gone. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS info
and best practices.

"Kevin" <Kevin@discussions.microsoft.com> wrote in message
news:62D513C9-B06D-4BCF-BDC7-7A6E5828952E@microsoft.com...
> Files were encrypted on a disk from a computer that the drive has since been
> formatted and no backups exist anymore. The files were created and stored on
> an external drive. With the drive connected to a different machine, of
> course, they cannot be opened. I realize that any account on this system is
> not a recovery agent nor the account that created encrypted the files. But
> I'm guessing a way exists to recover the files, just hoping you guys/gals
> might have an idea of how to do it?
>
> Hopefully I'm not S.O.L on this one
>
> Thanks


