Archived from groups: microsoft.public.win2000.security (
More info?)
The private key used to decrypt EFS files is stored in the user's profile
and there may be a Recovery Agent depending on the operating system. Windows
2000 clients require a Recovery Agent which can also decrypt the EFS files.
The RA for a domain by default is the built in administrator account and the
RA key probably would be on the first domain controller in the domain -
usually pdc fsmo. You can use the efsinfo utility to find the Recovery Agent
for an EFS file.
Your options would be to use the Recovery Agent to decrypt the files, use
the user's private key if it had been exported to a password protected .pfx
file, or restore the users/Recovery Agent profile from a backup if the
backup contains the user's profile. To use a RA you can backup and restore
the EFS files to the RA's workstation or install the RA's
certificate/private key via a .pfx file to the computer where the EFS files
are. If you did a new install of the domain controller versus a restore from
a System State backup, you may need a tool from Microsoft support [not free]
or a third party recovery tool [not free] to attempt to recover the files
assuming there is access to the user's profile. The links below may
elp. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
http://www.elcomsoft.com/aefsdr.html
"MCage" <MCage@discussions.microsoft.com> wrote in message
news:3439C2AE-61E0-4CAF-9A9B-970686D65FA6@microsoft.com...
> Hi all,
> I have HP server with Win2000 domain controller and 10 clients, my problem
> is one of these clients has encrypted files (large document, mail, photo)
> in
> all the suden the DC crashed (SW issue) so i did a new installation for DC
> and ISA and Exchange in other directory...But still I can't access the
> encrypted files
> How to solve such problem???
Facebook
Twitter
Instagram