EFS Issue

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Recently I used RIS (Remote Installation Service) to reinstall a
clients workstation because it had been upgraded and had different
versions of Office installed and just generally had issues, but what I
didn’t know is that the user had Encrypted files on another drive (USB
External Hard Drive) so after I reinstalled the OS the Computer
account is not the same as before and he can no longer access the
files that were on the other drive. I have tried several of the free
downloadable recovery packages Advanced EFS recovery and others but
have had no luck, the recovery agent displays that no user is able to
decrypt the files and the user account has not changed because the
user is in a domain. I have tried logging in as local admin, domain
admin, but still no luck. anyone know of anything I can do. and no
the user didn’t export the keys.

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Security-Admin-EFS-Issue-ftopict365344.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1177687
5 answers Last reply
More about issue
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Was there a Designated Recovery Agent on the domain?
    If not, the data is most likely gone for good.

    See the bottom of this page for ways to help prevent data loss with EFS in
    the future:
    http://www3.telus.net/dandemar/encrypt.htm

    --
    Jupiter Jones [MVP]
    http://www3.telus.net/dandemar
    In memory of our dear friend, MVP Alex Nichol
    http://www.dts-l.org


    "Mouse4440" <UseLinkToEmail@WindowsForumz.com> wrote in message
    news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
    > Recently I used RIS (Remote Installation Service) to reinstall a
    > clients workstation because it had been upgraded and had different
    > versions of Office installed and just generally had issues, but what I
    > didn't know is that the user had Encrypted files on another drive (USB
    > External Hard Drive) so after I reinstalled the OS the Computer
    > account is not the same as before and he can no longer access the
    > files that were on the other drive. I have tried several of the free
    > downloadable recovery packages Advanced EFS recovery and others but
    > have had no luck, the recovery agent displays that no user is able to
    > decrypt the files and the user account has not changed because the
    > user is in a domain. I have tried logging in as local admin, domain
    > admin, but still no luck. anyone know of anything I can do. and no
    > the user didn't export the keys.
    >
    > --
    > Posted using the http://www.windowsforumz.com interface, at author's
    > request
    > Articles individually checked for conformance to usenet standards
    > Topic URL:
    > http://www.windowsforumz.com/Security-Admin-EFS-Issue-ftopict365344.html
    > Visit Topic URL to contact author (reg. req'd). Report abuse:
    > http://www.windowsforumz.com/eform.php?p=1177687
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Jupiter Jones MVP" wrote:
    > Was there a Designated Recovery Agent on the domain?
    > If not, the data is most likely gone for good.
    >
    > See the bottom of this page for ways to help prevent data loss
    > with EFS in
    > the future:
    > http://www3.telus.net/dandemar/encrypt.htm
    >
    > --
    > Jupiter Jones [MVP]
    > http://www3.telus.net/dandemar
    > In memory of our dear friend, MVP Alex Nichol
    > http://www.dts-l.org
    >
    >
    > "Mouse4440" <UseLinkToEmail@WindowsForumz.com> wrote in
    > message
    > news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
    > > Recently I used RIS (Remote Installation Service) to
    > reinstall a
    > > clients workstation because it had been upgraded and had
    > different
    > > versions of Office installed and just generally had issues,
    > but what I
    > > didn't know is that the user had Encrypted files on another
    > drive (USB
    > > External Hard Drive) so after I reinstalled the OS the
    > Computer
    > > account is not the same as before and he can no longer
    > access the
    > > files that were on the other drive. I have tried several of
    > the free
    > > downloadable recovery packages Advanced EFS recovery and
    > others but
    > > have had no luck, the recovery agent displays that no user
    > is able to
    > > decrypt the files and the user account has not changed
    > because the
    > > user is in a domain. I have tried logging in as local admin,
    > domain
    > > admin, but still no luck. anyone know of anything I can do.
    > and no
    > > the user didn't export the keys.
    > >
    > > --
    > > Posted using the http://www.windowsforumz.com interface, at author's
    > > request
    > > Articles individually checked for conformance to usenet
    > standards
    > > Topic URL:
    > > http://www.windowsforumz.com/Security-Admin-EFS-Issue-ftopict365344.html
    > > Visit Topic URL to contact author (reg. req'd). Report
    > abuse:
    > > http://www.windowsforumz.com/eform.php?p=1177687

    I’m not sure, I logged in as admin on the local machine and as the
    domain admin and the windows recovery thing display no recovery agent
    present. is this something that user had to setup or is an automatic
    thing?

    Posted Via Usenet.com Premium Usenet Newsgroup Services
    ----------------------------------------------------------
    ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
    ----------------------------------------------------------
    http://www.usenet.com
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Mouse4440" <DoNotEmail@WindowsForumz.com> wrote in message
    news:3_1183971_590abcb1375a568d59e74bf288c16868@windowsforumz.com...
    > "Jupiter Jones MVP" wrote:
    > > Was there a Designated Recovery Agent on the domain?
    > > If not, the data is most likely gone for good.
    > >
    > > See the bottom of this page for ways to help prevent data loss
    > > with EFS in
    > > the future:
    > > http://www3.telus.net/dandemar/encrypt.htm
    > >
    > > --
    > > Jupiter Jones [MVP]
    > > http://www3.telus.net/dandemar
    > > In memory of our dear friend, MVP Alex Nichol
    > > http://www.dts-l.org
    > >
    > >
    > > "Mouse4440" <UseLinkToEmail@WindowsForumz.com> wrote in
    > > message
    > > news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
    > > > Recently I used RIS (Remote Installation Service) to
    > > reinstall a
    > > > clients workstation because it had been upgraded and had
    > > different
    > > > versions of Office installed and just generally had issues,
    > > but what I
    > > > didn't know is that the user had Encrypted files on another
    > > drive (USB
    > > > External Hard Drive) so after I reinstalled the OS the
    > > Computer
    > > > account is not the same as before and he can no longer
    > > access the
    > > > files that were on the other drive. I have tried several of
    > > the free
    > > > downloadable recovery packages Advanced EFS recovery and
    > > others but
    > > > have had no luck, the recovery agent displays that no user
    > > is able to
    > > > decrypt the files and the user account has not changed
    > > because the
    > > > user is in a domain. I have tried logging in as local admin,
    > > domain
    > > > admin, but still no luck. anyone know of anything I can do.
    > > and no
    > > > the user didn't export the keys.
    > > >
    > > > --
    > > > Posted using the http://www.windowsforumz.com interface, at author's
    > > > request
    > > > Articles individually checked for conformance to usenet
    > > standards
    > > > Topic URL:
    > > > http://www.windowsforumz.com/Security-Admin-EFS-Issue-ftopict365344.html
    > > > Visit Topic URL to contact author (reg. req'd). Report
    > > abuse:
    > > > http://www.windowsforumz.com/eform.php?p=1177687
    >
    > I’m not sure, I logged in as admin on the local machine and as the
    > domain admin and the windows recovery thing display no recovery agent
    > present. is this something that user had to setup or is an automatic
    > thing?
    >

    With XP you have to setup the recovery agent. Win2k worked differently. If
    he was logged on locally when he encrypted the files you are probably out of
    luck. If he was logged on as a domain user you will have to figure out if
    there is a recovery agent and who it is. Export the recovery key and import
    it on the machine with the files on it. You may also have to take ownership
    of the files on the USB drive first.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;887414

    http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp

    Kerry
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "kerry15" wrote:
    > "Mouse4440" <DoNotEmail@WindowsForumz.com> wrote in message
    > news:3_1183971_590abcb1375a568d59e74bf288c16868@windowsforumz.com...
    > > "Jupiter Jones MVP" wrote:
    >  > > Was there a Designated Recovery Agent on the domain?
    >  > > If not, the data is most likely gone for good.
    >  > >
    >  > > See the bottom of this page for ways to help prevent
    > data loss
    >  > > with EFS in
    >  > > the future:
    >  > > http://www3.telus.net/dandemar/encrypt.htm
    >  > >
    >  > > --
    >  > > Jupiter Jones [MVP]
    >  > > http://www3.telus.net/dandemar
    >  > > In memory of our dear friend, MVP Alex Nichol
    >  > > http://www.dts-l.org
    >  > >
    >  > >
    >  > > "Mouse4440" <UseLinkToEmail@WindowsForumz.com>
    > wrote in
    >  > > message
    >  > >
    > news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
    >   > > > Recently I used RIS (Remote Installation
    > Service) to
    >  > > reinstall a
    >   > > > clients workstation because it had been
    > upgraded and had
    >  > > different
    >   > > > versions of Office installed and just
    > generally had issues,
    >  > > but what I
    >   > > > didn't know is that the user had Encrypted
    > files on another
    >  > > drive (USB
    >   > > > External Hard Drive) so after I reinstalled
    > the OS the
    >  > > Computer
    >   > > > account is not the same as before and he can
    > no longer
    >  > > access the
    >   > > > files that were on the other drive. I have
    > tried several of
    >  > > the free
    >   > > > downloadable recovery packages Advanced EFS
    > recovery and
    >  > > others but
    >   > > > have had no luck, the recovery agent
    > displays that no user
    >  > > is able to
    >   > > > decrypt the files and the user account has
    > not changed
    >  > > because the
    >   > > > user is in a domain. I have tried logging in
    > as local admin,
    >  > > domain
    >   > > > admin, but still no luck. anyone know of
    > anything I can do.
    >  > > and no
    >   > > > the user didn't export the keys.
    >   > > >
    >   > > > --
    >   > > > Posted using the
    > http://www.windowsforumz.com interface, at author's
    >   > > > request
    >   > > > Articles individually checked for
    > conformance to usenet
    >  > > standards
    >   > > > Topic URL:
    >   > > >
    > http://www.windowsforumz.com/Security-Admin-EFS-Issue-ftopict365344.html
    >   > > > Visit Topic URL to contact author (reg.
    > req'd). Report
    >  > > abuse:
    >   > > >
    > http://www.windowsforumz.com/eform.php?p=1177687
    > >
    > > I’m not sure, I logged in as admin on the local machine and
    > as the
    > > domain admin and the windows recovery thing display no
    > recovery agent
    > > present. is this something that user had to setup or is an
    > automatic
    > > thing?
    > >
    >
    > With XP you have to setup the recovery agent. Win2k worked
    > differently. If
    > he was logged on locally when he encrypted the files you are
    > probably out of
    > luck. If he was logged on as a domain user you will have to
    > figure out if
    > there is a recovery agent and who it is. Export the recovery
    > key and import
    > it on the machine with the files on it. You may also have to
    > take ownership
    > of the files on the USB drive first.
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;887414
    >
    > http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp
    >
    > Kerry

    He was a domain user but the key was on the system partition and the
    data is on another drive, the system partition that had the keys was
    deleted with the install of Win XP. I logged in as the user and the
    recovery agent displays no recovery agent present, likewise for the
    local admin and domain admin. I have not taken ownership though.
    would I need to do that for the recovery agent.
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Mouse4440" <DoNotEmail@WindowsForumz.com> wrote in message
    news:3_1184166_682e46f0d60f56f2114f32822a76208d@windowsforumz.com...
    > "kerry15" wrote:
    > > "Mouse4440" <DoNotEmail@WindowsForumz.com> wrote in message
    > > news:3_1183971_590abcb1375a568d59e74bf288c16868@windowsforumz.com...
    > > > "Jupiter Jones MVP" wrote:
    > >  > > Was there a Designated Recovery Agent on the domain?
    > >  > > If not, the data is most likely gone for good.
    > >  > >
    > >  > > See the bottom of this page for ways to help prevent
    > > data loss
    > >  > > with EFS in
    > >  > > the future:
    > >  > > http://www3.telus.net/dandemar/encrypt.htm
    > >  > >
    > >  > > --
    > >  > > Jupiter Jones [MVP]
    > >  > > http://www3.telus.net/dandemar
    > >  > > In memory of our dear friend, MVP Alex Nichol
    > >  > > http://www.dts-l.org
    > >  > >
    > >  > >
    > >  > > "Mouse4440" <UseLinkToEmail@WindowsForumz.com>
    > > wrote in
    > >  > > message
    > >  > >
    > > news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
    > >   > > > Recently I used RIS (Remote Installation
    > > Service) to
    > >  > > reinstall a
    > >   > > > clients workstation because it had been
    > > upgraded and had
    > >  > > different
    > >   > > > versions of Office installed and just
    > > generally had issues,
    > >  > > but what I
    > >   > > > didn't know is that the user had Encrypted
    > > files on another
    > >  > > drive (USB
    > >   > > > External Hard Drive) so after I reinstalled
    > > the OS the
    > >  > > Computer
    > >   > > > account is not the same as before and he can
    > > no longer
    > >  > > access the
    > >   > > > files that were on the other drive. I have
    > > tried several of
    > >  > > the free
    > >   > > > downloadable recovery packages Advanced EFS
    > > recovery and
    > >  > > others but
    > >   > > > have had no luck, the recovery agent
    > > displays that no user
    > >  > > is able to
    > >   > > > decrypt the files and the user account has
    > > not changed
    > >  > > because the
    > >   > > > user is in a domain. I have tried logging in
    > > as local admin,
    > >  > > domain
    > >   > > > admin, but still no luck. anyone know of
    > > anything I can do.
    > >  > > and no
    > >   > > > the user didn't export the keys.
    > >   > > >
    > >   > > > --
    > >   > > > Posted using the
    > > http://www.windowsforumz.com interface, at author's
    > >   > > > request
    > >   > > > Articles individually checked for
    > > conformance to usenet
    > >  > > standards
    > >   > > > Topic URL:
    > >   > > >
    > > http://www.windowsforumz.com/Security-Admin-EFS-Issue-ftopict365344.html
    > >   > > > Visit Topic URL to contact author (reg.
    > > req'd). Report
    > >  > > abuse:
    > >   > > >
    > > http://www.windowsforumz.com/eform.php?p=1177687
    > > >
    > > > I’m not sure, I logged in as admin on the local machine and
    > > as the
    > > > domain admin and the windows recovery thing display no
    > > recovery agent
    > > > present. is this something that user had to setup or is an
    > > automatic
    > > > thing?
    > > >
    > >
    > > With XP you have to setup the recovery agent. Win2k worked
    > > differently. If
    > > he was logged on locally when he encrypted the files you are
    > > probably out of
    > > luck. If he was logged on as a domain user you will have to
    > > figure out if
    > > there is a recovery agent and who it is. Export the recovery
    > > key and import
    > > it on the machine with the files on it. You may also have to
    > > take ownership
    > > of the files on the USB drive first.
    > >
    > > http://support.microsoft.com/default.aspx?scid=kb;en-us;887414
    > >
    > > http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp
    > >
    > > Kerry
    >
    > He was a domain user but the key was on the system partition and the
    > data is on another drive, the system partition that had the keys was
    > deleted with the install of Win XP. I logged in as the user and the
    > recovery agent displays no recovery agent present, likewise for the
    > local admin and domain admin. I have not taken ownership though.
    > would I need to do that for the recovery agent.

    You have to figure out who the DRA is (see my previous links), export their
    private certificate and key, then import the certificate and key on the
    computer that you are using to decrypt the files. It is common practice to
    only use certain secure computers for EFS recovery so that the key cannot be
    taken away and data unencrypted off site. If this is the case you would have
    to have the files on the recovery computer. You may or may not have to take
    ownership first but it wouldn't hurt to do so. EFS can be very tricky. From
    what you have described his data is probably gone. You should investigate
    the links in my last post and either restrict users from using EFS via group
    policy or setup a DRA and store the certificate and key in a safe place. If
    you don't this may cause you grief again in the future.

    Kerry
Ask a new question

Read More

Data Recovery External Hard Drive Windows XP