Re: EFS encrypt files: Changed PW now can't access... :-(

If you're in an Active Directory domain, try searching www.google.com
and/or www.microsoft.com/support for "EFS recovery-agent" or "EFS
recovery-agent windows-2000 recover" or something along that line.

jryder.10@xxxxxxxxx wrote:

Hey all, here's another EFS question, hopefully someone can solve this,
I REALLY need to get these files decrypted:

1st: Friend of mine at work was trying to PW protect some .xls files
and accidentally used XPpro's EFS.
2nd: While away someone logged off one of the admin accounts and
couldn't remember the password, so they created another admin rights
account and changed the password for the account they couldn't figure
out.
3rd: Once they changed the PW for the account, the EFS hash of course,
doesn't match up with the new PW and now the files cannot be decrypted.
4th: I tried searching for an X.509 certificate but could not find one
at all! I then tried logging in as the default admin account, and
trying to add it as the recovery agent, but it didn't work either.
5th: I tried a program called "Advanced EFS Data Recovery" which is
supposed to be able to find EFS keys and or use SYS-startup keys,
provided that you have the original password before the PW was changed
on the account.
6th: I have the original PW from the changed account! And when I tried
searching for any X.509 Cert / SYSkey, the program didn't find any
master keys and was unable to attempt to decrypt the files etc.

I've read somewhere on google that you could move said EFS files to
a Non NFTS OS like Win98 and the file encryption wouldn't be able to be
transferred since the OS doesn't even support EFS etc.... What are your
thoughts on this?

Secondly, again, when I tried searching for any pertinent X.509 certs /
keys, I couldn't find anything on the computer at all!? Is that common?
I know he didn't create a backup, but there should be some kind of cert
file that I could use to decrypt them?

ANY help would be much appreciated!

Thanks,

.

Relevant Pages

  • RE: XP native encryption
    ... If this is a stand-alone machine, the local administrator is the default ... (assuming the recovery key was not removed from ... I'm pretty familiar with EFS. ... then the only account that is ...
    (Security-Basics)
  • Re: Just after i reset my password
    ... EFS is very good at what it does and there is no back door. ... > files on the computer,from the Administration account. ... > that I cannot open any of my Encrypted files, ... > keys and recovery agents,but I could not do anything of ...
    (microsoft.public.windowsxp.security_admin)
  • Re: A quick question before I kill myself... (XP EFS)
    ... EFS has been hacked already... ... Roger is right about XP not using Administrators account as ... > recovery agent, it was the very first thing I tried... ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Recovering EFS from a Backup
    ... You should log on to the account that originally encrypted the files. ... should be able to decrypt the files. ... also consider backing up your EFS certificate and keys. ... You can then import them for data recovery should a need arise in future. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: PC Recovery - Files Transfer Wizard ? Move ?
    ... Used HP PC recovery on my laptop to reinstall XP MCE. ... see old account folders/files but since XP only sees the Bob ... folder as a folder and NOT an account I can't log into ... I'd like all of the files that live in the BOB account to appear in Owner's ...
    (comp.sys.hp.hardware)