EFS on crashed OS - how to retrieve files
E. James
Guest
Posted: Wed Sep 28, 2005 8:52 pm    Post subject: EFS on crashed OS - how to retrieve files

I have a somewhat similar question regarding encrypted files. Client had
multiple partitions on the workstation with the OS isolated on the primary
partition. Data files were maintained on a separate partition and even a
separate HDD. The first HDD crashed, which contained the OS. No recovery
method was successful due to hardware damage. New hardware was installed and
a fresh OS was installed, using the same user information in the same domain.
The original files exist and even specify that the encryption key holder is
DOMAIN/user account. However, when the client logs on (user account was NOT
modified in the domain during the downtime) the user cannot access the
encrypted files.

What is the methodology to retrieve these files since it is the same user
account in the domain? Keep in mind that since it was a hardware crash,
there was no possibility to export the keys after the crash.

TIA,

Vincent Xu [MSFT]
Guest
Posted: Thu Sep 29, 2005 8:17 am    Post subject: RE: EFS on crashed OS - how to retrieve files

Hi James,

Let me explain something about EFS first.

If the user encrypts a file when there is no CA available or if the CA
cannot be contacted at the time he/she encrypts a file, the Windows XP
operating system will generate a self-signed EFS certificate with an
expiration date of 100 years. But whether the EFS certificate is from a CA
or the user itself, it is stored locally. That means it is stored in your
crashed OS.

Based on my experience, by default the system will assign the domain
administrator as recovery agent. You may try to log on as domain
administrator to recover the data. If this fails, I'm afraid the data
would be lost.

Since our migration newsgroup is focused on the process of migration
between 2 domains, I think the following newsgroup should be a more
appropriate place for your issue:

microsoft.public.windows.server.security

Thanks for understanding.

Best regards,

Vincent Xu
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
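
Added example (not part of the posts in this thread): a PowerShell check that lists which certificates can decrypt an EFS file and whether the logged-on profile holds the matching private key, which is the piece that was lost with the crashed OS disk. It assumes English-language `cipher /c` output as printed by Windows Vista or later; the function names `Get-EfsKeyHolder` and `Test-EfsKeyAvailable`, the sample text and the file path are hypothetical.

```powershell
# Added example, not from the thread. Assumes English-language `cipher /c`
# output (Windows Vista or later) and the current user's certificate store.

# Pull (role, thumbprint) pairs out of `cipher /c` output text.
function Get-EfsKeyHolder {
    param([string[]]$CipherOutput)
    $role = $null
    foreach ($line in $CipherOutput) {
        if     ($line -match 'Users who can decrypt') { $role = 'User' }
        elseif ($line -match 'Recovery Certificates') { $role = 'RecoveryAgent' }
        elseif ($role -and $line -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            [pscustomobject]@{
                Role       = $role
                Thumbprint = ($Matches[1] -replace '\s', '').ToUpper()
            }
        }
    }
}

# For each key holder on the file, report whether the logged-on profile has
# that certificate AND its private key. Without the private key, decryption
# fails even when the account name matches.
function Test-EfsKeyAvailable {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($h in Get-EfsKeyHolder -CipherOutput (cipher.exe /c $Path)) {
        $cert = Get-Item "Cert:\CurrentUser\My\$($h.Thumbprint)" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Role          = $h.Role
            Thumbprint    = $h.Thumbprint
            CertInStore   = [bool]$cert
            HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        }
    }
}

# Constructed sample output; account names and thumbprints are made up.
$sample = @'
E report.doc
  Users who can decrypt:
    DOMAIN\user [user(user@DOMAIN)]
    Certificate thumbprint: 1111 2222 3333 4444 5555 6666 7777 8888 9999 AAAA

  Recovery Certificates:
    DOMAIN\Administrator [Administrator(Administrator@DOMAIN)]
    Certificate thumbprint: BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333 4444
'@ -split "`r?`n"

Get-EfsKeyHolder -CipherOutput $sample | Format-Table
# On a real machine: Test-EfsKeyAvailable -Path 'D:\Data\report.doc' (hypothetical path)
```

Running `cipher /x` while the profile is still healthy backs up the user's EFS certificate and keys to a file, which is the export that was no longer possible after the crash described above.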


E. James
Guest
Posted: Thu Sep 29, 2005 8:50 pm    Post subject: RE: EFS on crashed OS - how to retrieve files

Vincent,

Thank you for your advice - I will try posting there.



All times are GMT