Login

Username:

Password:

Remember me



Lost Password?

Register now!

Related Sponsor


Browsing this Thread:   1 Anonymous Users





EFS Woes
Just popping in
Joined:
2006/9/22 1:07
Group:
Registered Users
Posts: 2
Level : 1
HP : 0 / 0
MP : 0 / 22
EXP : 2
Offline
Hello:

I ran across jseymour's post at Don't Lose Your Encrypted Data and thought perhaps someone here has some suggestions for solving an EFS problem.

I inadvertently encrypted a directory under Windows 2000. I backed up the 'Documents and Settings' folders (but did not export any keys) before reformatting the hard drive, and was left with quite a number of encryption keys in various locations. I've now switched to XP, and am unable to decrypt the encrypted files (which are still on another drive - I've not been able to move them). Advanced EFS Recovery doesn't do the trick, and I've tried moving the old key files to the XP locations where I presume they should be, but again without success. Is there any way around this problem?

Many thanks for any advice.

Posted on: 2006/9/22 1:20
Transfer the post to other applications Transfer


Re: EFS Woes
Webmaster
Joined:
2004/11/5 12:31
From Ponte Vedra Beach, Florida
Group:
Webmasters
Posts: 201
Level : 13
HP : 0 / 305
MP : 67 / 11650
EXP : 21
Offline
I think the short answer is no. You see the encryption within the EFS are tied to 2 things, both unique.

1 - the key itself
and 2 - the user SID

Once you format the hard disk you distroy #2 which makes any keys tied to that user unusable.

This is why it is important to create a data recovery agent, but if you reformat to reinstall it is important to create another recovery agent and import all data recovery certificates on each new install, if you miss one (as I did once) it renders all certificates unusable.

Very sorry to have to give bad news here, but that is why I wrote that article you mentioned in the first place.

You may also want to have a look at a kind of EFS best practice checklist Here.

Posted on: 2006/9/22 1:45
Transfer the post to other applications Transfer


Re: EFS Woes
Just popping in
Joined:
2006/9/22 1:07
Group:
Registered Users
Posts: 2
Level : 1
HP : 0 / 0
MP : 0 / 22
EXP : 2
Offline
Thanks for your reply.

The keys that Advanced EFS Recovery has decrypted show the Owner SID, eg.: S-1-5-21...........500. Those keys that the program cannot decrypt do not show SID's - presumably they were lost at re-format. I may be entirely wrong, but I'm guessing that it should be possible to re-create missing SID's, since they seem to follow a particular format, but so far have not found any software which uses this approach.

Posted on: 2006/9/22 2:58
Transfer the post to other applications Transfer


Re: EFS Woes
Webmaster
Joined:
2004/11/5 12:31
From Ponte Vedra Beach, Florida
Group:
Webmasters
Posts: 201
Level : 13
HP : 0 / 305
MP : 67 / 11650
EXP : 21
Offline
Well it could be possible but not likely. If it was that easy it would negate the purpose of encryption because it could be broken on another machine at will.

If you do find such a software please let me know, I still have my lost files here somewhere.

I do hope my articles will help you prevent such a loss in the future. And BTW welcome to warpigw2.com.

Posted on: 2006/9/22 3:04
Transfer the post to other applications Transfer






You can view topic.
You cannot start a new topic.
You cannot reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You cannot post without approval.

[Advanced Search]


Related Sponsor

Bookmark and Share