A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Security and Administration with Windows XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

EFS nightmare



 
 
Thread Tools Display Modes
  #1  
Old March 17th 10, 10:04 PM posted to microsoft.public.windowsxp.security_admin
big country
external usenet poster
 
Posts: 20
Default EFS nightmare

Hey all I have a WinXP SP2 workstation. It has an external hard disk that is
failing and there are some files that are encrypted that we cant decrypt. So
we cant move the files. The user is not sure who initially encrypted the
files but the file shows an AD account that is specified as a data recovery
agent for that file. When I went to group policy on the local machine there
was not a EFS policy defined so I created one with the data recovery account
from AD. The account shows a valid cert so I logged into the pc using the
data recovery account and I still cant decrypt the file. Any thoughts?


Ads
  #2  
Old March 18th 10, 12:55 AM posted to microsoft.public.windowsxp.security_admin
Shenan Stanley
external usenet poster
 
Posts: 10,523
Default EFS nightmare

big country wrote:
Hey all I have a WinXP SP2 workstation. It has an external hard
disk that is failing and there are some files that are encrypted
that we cant decrypt. So we cant move the files. The user is not
sure who initially encrypted the files but the file shows an AD
account that is specified as a data recovery agent for that file.
When I went to group policy on the local machine there was not a
EFS policy defined so I created one with the data recovery account
from AD. The account shows a valid cert so I logged into the pc
using the data recovery account and I still cant decrypt the file.
Any thoughts?


No backups?

Encryption, hard drives, etc... They can all go south without warning.
Backups are the only "backup plan" that has much of any validity when they
do. ;-)

Is this data is so important/security sensitive - it doesn't have backup
copies? One could then argue that data that important/security sensitive
better have a backup copy. ;-)

Encryption is made to keep people out. Secure the data. If something goes
wrong with the physical drive, memory when reading it/writing it, lost key,
etc - it makes no promises about you being able to recover the data.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


  #3  
Old March 24th 10, 10:27 PM posted to microsoft.public.windowsxp.security_admin
Twayne[_3_]
external usenet poster
 
Posts: 1,073
Default EFS nightmare

In ,
big country typed:
Hey all I have a WinXP SP2 workstation. It has an external
hard disk that is failing and there are some files that are
encrypted that we cant decrypt. So we cant move the files.
The user is not sure who initially encrypted the files but
the file shows an AD account that is specified as a data
recovery agent for that file. When I went to group policy
on the local machine there was not a EFS policy defined so
I created one with the data recovery account from AD. The
account shows a valid cert so I logged into the pc using
the data recovery account and I still cant decrypt the
file. Any thoughts?


If you can't locate the keys & certs that were used when the
data was encrypted, it's lost for good. Nothing you create now
will allow access to it, period. Hope you have backups if it's
important. MS did one thing right; their encryption structure
is unbeatable without a lot of time and money.
See help & support for EFS for more details; look for
certificate exports.

HTH,

Twayne`


  #4  
Old March 25th 10, 04:14 PM posted to microsoft.public.windowsxp.security_admin
Jim Nugent
external usenet poster
 
Posts: 7
Default EFS nightmare


"big country" wrote in message
...
Hey all I have a WinXP SP2 workstation. It has an external hard disk that
is failing and there are some files that are encrypted that we cant
decrypt. So we cant move the files.


If you just want to get the files off the failing drive before it dies,
still encryped, use ntbackup and put them in a .bkf file. Ntbackup will not
try to decrypt them, but will simply store them. (This is Microsoft's
recommended way of transporting files to the recovery agent for assistance
in decrypting.)

When you are ready to work on decrypting them, restore them from the .bkf
file onto a good drive.

Sorry I can't help more with EFS, but usually I think the local
Administrator account becomes the default recovery agent on a computer when
EFS is first used.

Some people call EFS the Windows Delayed Recycle Bin.
HTH,
==
Jim


 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 02:35 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.