Re: EFS encrypt files: Changed PW now can't access... :-(

1152122922.678581.144620@xxxxxxxxxxxxxxxxxxxxxxxxxxx,
jryder.10@xxxxxxxxx <jryder.10@xxxxxxxxx> wrote:
Hey all, here's another EFS question, hopefully someone can
solve this, I REALLY need to get these files decrypted:

1st: Friend of mine at work was trying to PW protect some
.xls files and accidentally used XPpro's EFS.
2nd: While away someone logged off one of the admin accounts
and couldn't remember the password, so they created another
admin rights account and changed the password for the
account they couldn't figure out.
3rd: Once they changed the PW for the account, the EFS hash
of course, doesn't match up with the new PW and now the
files cannot be decrypted. 4th: I tried searching for an
X.509 certificate but could not find one at all! I then
tried logging in as the default admin account, and trying to
add it as the recovery agent, but it didn't work either.
5th: I tried a program called "Advanced EFS Data Recovery"
which is supposed to be able to find EFS keys and or use
SYS-startup keys, provided that you have the original
password before the PW was changed on the account. 6th: I
have the original PW from the changed account! And when I
tried searching for any X.509 Cert / SYSkey, the program
didn't find any master keys and was unable to attempt to
decrypt the files etc.

I've read somewhere on google that you could move said
EFS files to a Non NFTS OS like Win98 and the file
encryption wouldn't be able to be transferred since the OS
doesn't even support EFS etc.... What are your thoughts on
this?

Secondly, again, when I tried searching for any pertinent
X.509 certs / keys, I couldn't find anything on the computer
at all!? Is that common? I know he didn't create a backup,
but there should be some kind of cert file that I could use
to decrypt them?

ANY help would be much appreciated!

Thanks,

Did you try changing the password on your friend's account back
to the old password?

EFS, Credentials, and Private Keys from Certificates Are
Unavailable After a Password Is Reset
http://support.microsoft.com/default.aspx?scid=kb;en-us;290260&sd=tech

Good luck

Nepatsfan


.

Relevant Pages

  • Re: EFS encrypt files: Changed PW now cant access... :-(
    ... and accidentally used XPpro's EFS. ... account and changed the password for the account they couldn't figure ... supposed to be able to find EFS keys and or use SYS-startup keys, ... master keys and was unable to attempt to decrypt the files etc. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: EFS Certs in AD or local PC?
    ... If his profile is in AD and we import his cert, will he be able to decrypt ... The users EFS private key is stored in the user's profile but not in a way ... If there are no correct EFS private keys [user ... configured then the RA [usually built in domain administrator account] ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to Decrypt Encrypted files
    ... it keeps asking for a account name and password ... conceivable methods the OP could use to decrypt his data would be if he had ... keys his data is gone. ... If you Google for efs data recovery most the links ...
    (microsoft.public.windowsxp.security_admin)
  • Re: EFS/NTFS
    ... Is you XP a DC member or a standalone machine? ... You will not be able to decrypt the files just using the ... keys, you would not be able to get back your EFS files without brutal force ... Even though you think you use the same account name and password, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: decrypt files after lost pub/priv keys - possible?
    ... > private keys needed to decrypt those files. ... The EFS private keys are ... Encryption is written in code, ...
    (microsoft.public.win2000.security)