decrypting a file question

Archived from groups: microsoft.public.win2000.security

I'm guessing I'm "sol" here but I just have to ask.

A long while back I selected a folder to encrypt using the checkbox on the
folder's properties box in the advanced form. It worked just fine. I never
did do anything about creating any certificates or agents or anything as
backup. I'm just an applications guy who needs a LAN setup to do what I do,
so I learned enough AD, DNS, Exchange and so forth to make it all more or
less work. I do backups fairly well, and my system seems safe enough.

Recently I upgraded my W2K PDC to be a W2K3 SBS PDC. I ran DCPROMO a little
prematurely (in hindsight), and I neglected to remove the encryption
settings on this folder. This server is now just a member server in my new
LAN with a new PDC.

My files and such are all still there. And I can get to all of them, just
can't access the encrypted ones.

Is there an administrative "backdoor" that will gain me access?

regards,

doug
  1.

    EFS has a way of biting people when it comes to accessing their own files.
    The EFS "private" key that is used to decrypt files is stored in the user
    profile of the user account that encrypted the file and the Recovery Agent
    profile that was in effect at the time that the files were encrypted.
    Windows 2000 requires a Recovery Agent which can be the built-in local
    administrator account for the local computer or the built-in administrator
    account for the domain. For a domain the built-in administrator account EFS
    recovery certificate would probably be on the first domain controller for
    the domain.

    I am not sure exactly what all you reconfigured but that may help give you
    somewhere to look. You can use the tool efsinfo to find the user and RAs
    that can decrypt a file and the thumbprint info for the certificates that
    will be helpful in tracking them down if they exist. The mmc snap-in for
    certificates for user can be used to view the certificates on a computer for
    a user in the personal/certificates folder. The EFS or Recovery Agent
    certificate needs to show that "you have the private key that corresponds
    with this certificate" on the general page of the certificate in order to be
    able to decrypt the EFS certificate. If you find a Recovery Agent you can
    either back up/restore the EFS files to the computer where the RA lives or
    export the RA certificate AND private key to a password protected .pfx file
    to import to the computer where the EFS files are.

    Normally users have problems when they reinstall the operating system as
    profiles can be erased or associated with the wrong computer operating
    system ID. If you have a backup of the user profiles that encrypted the
    files you probably still have a copy of the EFS private key though it
    cannot be restored via normal means. If that is the case and you know the user
    password then you may be able to recover the EFS files with the help of
    Microsoft support [around $245] or the use of a program such as the one from
    Elcomsoft that sells for $99. Elcomsoft does have a free trial download that
    you can use but it will only recover very small files, but it should let you
    know if the private keys are found or not. The first link below is to
    Elcomsoft and the other two may provide info to lead you to a solution.

    --- Steve

    http://www.elcomsoft.com/aefsdr.html
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q223316 --- EFS best practices.
    http://support.microsoft.com/default.aspx?scid=kb;en-us;259732&sd=tech --- info on Recovery Agent
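
The check described in the reply above (match the thumbprint reported for the file against a certificate in the Personal store that still has its private key), as an added example that is not part of the original thread. It is written in PowerShell, which postdates this thread; the thumbprint is a constructed placeholder to be replaced with the value efsinfo reports, and the function names are hypothetical.

```powershell
# Added example (not from the thread). Run as the user whose profile is being checked.
param(
    # Thumbprint reported for the encrypted file; constructed placeholder value.
    [string]$WantedThumbprint = '0000 1111 2222 3333 4444 5555 6666 7777 8888 9999'
)

# Enhanced Key Usage OIDs that mark a certificate as usable for EFS.
$EfsOids = @{
    '1.3.6.1.4.1.311.10.3.4'   = 'EFS (user)'
    '1.3.6.1.4.1.311.10.3.4.1' = 'EFS File Recovery (RA)'
}

# Tools print thumbprints with spaces and mixed case; the store uses bare upper-case hex.
function ConvertTo-BareThumbprint([string]$Text) {
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Get-EfsCertificate([string]$Wanted) {
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        $cert = $_
        $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
        if (-not $eku) { return }          # no EKU extension: not an EFS certificate
        $roles = @($eku.EnhancedKeyUsages |
            Where-Object { $EfsOids.ContainsKey($_.Value) } |
            ForEach-Object { $EfsOids[$_.Value] })
        if ($roles.Count -eq 0) { return } # EKU present but not EFS-related
        [pscustomobject]@{
            Subject       = $cert.Subject
            Role          = $roles -join ', '
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey   # False: certificate alone cannot decrypt
            MatchesFile   = ($cert.Thumbprint -eq $Wanted)
        }
    }
}

$found = @(Get-EfsCertificate (ConvertTo-BareThumbprint $WantedThumbprint))
$found | Format-Table -AutoSize
$usable = @($found | Where-Object { $_.MatchesFile -and $_.HasPrivateKey })
if ($usable.Count -gt 0) {
    'Matching certificate with private key found: this account should be able to decrypt.'
} else {
    'No matching certificate with a private key in this profile; check other profiles or a .pfx backup.'
}
```

A row with MatchesFile true and HasPrivateKey false means the certificate is present but its key is not, which is the situation the reply says requires the original profile or an exported .pfx.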
  2.

    I seem to have all profiles. I didn't reinstall anything. I just demoted
    my PDC to a member server and then joined my new domain.

    I'll look into your suggestions and links. I only have 1 small file
    needing decryption.

    regards,

    doug