1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AAAAARGHHH!!!! - EFS!!!

Discussion in 'Software' started by zebulebu, Oct 23, 2006.

  1. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    nnnghhhhh.

    Hoping the kudos I've built up here from helping people out in the past will help me out of a jam.

    I've never worked with EFS before (strange, I know, for a security bod!). I have an encrypted folder which is stored on one of my PCs. Unfortunately, that PC went south last night (PSU exploded, taking the Mobo, RAM, GPU, CPU and gawd knows what else with it).

    Luckily, the HDD survived the catastrophe. However, when I stick it in a different box, despite being able to see the encrypted folder, and the files stored within it, I can't open them - either with a domain admin account or with the account that encrypted the folder in the first place.

    Has anybody else had any experience with EFS? I have exported the Domain Admin account's keys, but am at a loss as to what to do with them!
     
    Certifications: A few
    WIP: None - f*** 'em
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Which OS is this Zeb as EFS recovery varies slightly between 2K and XP etc?

    Also, were you able to boot up with the original operating system in the new hardware or did you have to do a parallel install?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Cheers BR

    The original OS was XP, all I've done is pull the drive from the FUBARed box and shove it into a 2K box. I was hoping that doing this would allow me to access the data using the domain account I encrypted it with (the folder concerned is on a data partition)
     
    Certifications: A few
    WIP: None - f*** 'em
  4. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    would linux live or bartpe not work in this case?
     
  5. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    No mate, you need a secret key :wink:
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  6. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    thats a bi7ch then, about SprinRite?
     
  7. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Hmmm, well then this is not how things are supposed to work. You should be able to open those encrypted files with the same account that created them. The question is why can't you? I presume you were able to prior to the big bang. You have managed to boot the box up, so apart from some driver issues, I wouldn't expect things to have changed much. It's odd.

    I will join you in your googling frenzy :D

    EDIT: Oh you are booting into W2K, well in that case, it makes more sense - hang on..
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  8. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  9. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Cheers Pete, I'll give it a go tomorrow.

    Decided to stop working for a while so I can watch game two of the World Series :biggrin
     
    Certifications: A few
    WIP: None - f*** 'em
  10. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    SpinRite is a program for recovering non encrypted data from a faulty HDD.

    In Zeb's case the HDD is functioning perfectly and all data is accessible.

    However, Zeb has encryped some files using EFS (encrypting file system). Now he can't read those files because he has put the disk in another computer. In order to be able to access those files, he will need a private de-cryption key (certificate).

    Check out the link I posted and you will learn more about EFS.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  11. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    You know Zeb its like you and BR said its something to do with the keys that could unlock it, I learned that the hard way. But I dont understand why you were not able to access the encrypted files even though you have the keys. I am perplexed.

    I'll look into it, see if I can find anything that will help you.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  12. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    As I understand it EFS protected files can *only* be accessed either by the *original* account holder, or the admin for that box. The snag is that it uses UIDs for this. So if you take it to another box the UIDs don't match. Ditto if you do a reinstall.

    (This - by the way - is why I won't use EFS - your keys can vanish if you aren't careful!)

    I believe that you are *supposed* to export the keys to a floppy when using EFS to avoid this sort of problem!


    I may have got some of this wrong as I don't use it - I prefer OpenSSL!

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  13. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    UID and GUI wont change in a domain environment
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  14. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Thats what I thought Ryan. When i get back in, I'm going to try and stick the disk in an XP box as a slave and see if I can pull the files from there. Failing that, I'm going to build another box from scratch and try booting into the O/S on the boot partition of the drive from teh FUBARed box.

    Hopefully one of these will work - otherwise I'm in a world of pain, cos, as well as loads of stuff related to private customers (invoices etc), all my tax records from when I was contracting and large quantities of technical docs, all my pr0n is on there... :oops:
     
    Certifications: A few
    WIP: None - f*** 'em
  15. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    This should work, if it boots!

    Now that is a disaster :twisted:
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  16. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Success!

    Shoved it in as the primary on a 'spare' box I had lying around, and successfully pulled the encryption off all the files (and pr0n) that were on there. Strange though, sticking it in as a slave on an XP box didn't work - just shows I've got a LOT to learn about EFS :oops:
     
    Certifications: A few
    WIP: None - f*** 'em
  17. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    I can sense the relief from 12000 miles away :biggrin
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  18. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Glad to hear that you rescued your pr0n zeb. I guess the other stuff is just a bonus.:D
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  19. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Ohhhhh you have NO idea how pleased I was to get that back. It was nice to get all my invoices, tax records, payslips, my CV, essential technical information and stuff back - but as nug says, that was all gravy - it's the filth that matters :twisted:
     
    Certifications: A few
    WIP: None - f*** 'em
  20. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    wow all that data and losing it I cant imagin what you would feel like, but fortunatly you got it.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA

Share This Page

Loading...