Sign in with
Sign up | Sign in
Your question

Recovering Encrypted File on WIndows XP workstation

Last response: in Windows 2000/NT
Share
Anonymous
January 25, 2005 12:19:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I have a user that encrypted a file on the desktop and the user acct has been
deleted off the server. The user no longer works here and I need to recover
the file. I have exported the administrator file recovery certificate and
imported it on the workstation in question. However it does not let me
decrypt the file. I dont have a PKI or CA setup on the domain. I have looked
for articles on the web but what I have read is not working. From what I read
I should be able to log on to the workstation as the domain admin and decrypt
the file but nothing is working. Is there any way to recover the file? any
help would be greatly appreciated!!

Thanks
Chad
Anonymous
January 25, 2005 9:49:06 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Let us assume that the XP was joined to the domain when the
file was encrypted, and that we are speaking of a file encrypted
by EFS.

Just what is it that you exported when you
"exported the administrator file recovery certificate"
You should have a pfx file that you used for the import that
contained both the EFS cert and the private key, and when
you were exporting it you should have seen that it had stated
use for EFS data recovery. You need the private key to be
able to decrypt - the cert is for encrypting.

One thing you could instead do, here stated in the safest form,
is to use NTbackup at the XP to package up the encrypted file,
and then unpack this (restore) onto a machine where you can
log in with the DRA (the account where you exported the EFS
recovery cert).

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Chad Guiney" <ChadGuiney@discussions.microsoft.com> wrote in message
news:4E019A44-C020-460F-AC8F-A817A4BFB072@microsoft.com...
> I have a user that encrypted a file on the desktop and the user acct has
been
> deleted off the server. The user no longer works here and I need to
recover
> the file. I have exported the administrator file recovery certificate and
> imported it on the workstation in question. However it does not let me
> decrypt the file. I dont have a PKI or CA setup on the domain. I have
looked
> for articles on the web but what I have read is not working. From what I
read
> I should be able to log on to the workstation as the domain admin and
decrypt
> the file but nothing is working. Is there any way to recover the file? any
> help would be greatly appreciated!!
>
> Thanks
> Chad
Anonymous
January 25, 2005 11:50:59 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Windows XP does not require a recovery agent for EFS but it can use one if
Group Policy was configured for such for that computer. Use the efsinfo tool
to see if the file has a recovery agent that can decrypt it and who it is.
Note that when you export a recovery certificate you must also export the
private key to a password protected .pfx file to import for recovering. If
you can restore the user account via an Active Directory authoritative
restore [just for that account] from a System State backup less than sixty
days old you might be able to reset that user's domain password, logon as
that user and decrypt the file. The link below explains efsinfo. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;243026 --- use
efsinfo /r /c

"Chad Guiney" <ChadGuiney@discussions.microsoft.com> wrote in message
news:4E019A44-C020-460F-AC8F-A817A4BFB072@microsoft.com...
>I have a user that encrypted a file on the desktop and the user acct has
>been
> deleted off the server. The user no longer works here and I need to
> recover
> the file. I have exported the administrator file recovery certificate and
> imported it on the workstation in question. However it does not let me
> decrypt the file. I dont have a PKI or CA setup on the domain. I have
> looked
> for articles on the web but what I have read is not working. From what I
> read
> I should be able to log on to the workstation as the domain admin and
> decrypt
> the file but nothing is working. Is there any way to recover the file? any
> help would be greatly appreciated!!
>
> Thanks
> Chad
!