AAAAARGHHH!!!! - EFS!!!

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

nnnghhhhh.

Hoping the kudos I've built up here from helping people out in the past will help me out of a jam.

I've never worked with EFS before (strange, I know, for a security bod!). I have an encrypted folder which is stored on one of my PCs. Unfortunately, that PC went south last night (PSU exploded, taking the Mobo, RAM, GPU, CPU and gawd knows what else with it).

Luckily, the HDD survived the catastrophe. However, when I stick it in a different box, despite being able to see the encrypted folder, and the files stored within it, I can't open them - either with a domain admin account or with the account that encrypted the folder in the first place.

Has anybody else had any experience with EFS? I have exported the Domain Admin account's keys, but am at a loss as to what to do with them!

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Which OS is this Zeb as EFS recovery varies slightly between 2K and XP etc?

Also, were you able to boot up with the original operating system in the new hardware or did you have to do a parallel install?

 

Cheers BR

The original OS was XP, all I've done is pull the drive from the FUBARed box and shove it into a 2K box. I was hoping that doing this would allow me to access the data using the domain account I encrypted it with (the folder concerned is on a data partition)

 

would linux live or bartpe not work in this case?

 

No mate, you need a secret key

 

thats a bi7ch then, about SprinRite?

 

Hmmm, well then this is not how things are supposed to work. You should be able to open those encrypted files with the same account that created them. The question is why can't you? I presume you were able to prior to the big bang. You have managed to boot the box up, so apart from some driver issues, I wouldn't expect things to have changed much. It's odd.

I will join you in your googling frenzy

EDIT: Oh you are booting into W2K, well in that case, it makes more sense - hang on..

 

Zeb, this is the best info I could come up with and it explains the differences in XP and W2K and gives info on how to recover files and more.

http://www.microsoft.com/technet/prodtechnol/winxppro/support/dataprot.mspx

 

Cheers Pete, I'll give it a go tomorrow.

Decided to stop working for a while so I can watch game two of the World Series

 

SpinRite is a program for recovering non encrypted data from a faulty HDD.

In Zeb's case the HDD is functioning perfectly and all data is accessible.

However, Zeb has encryped some files using EFS (encrypting file system). Now he can't read those files because he has put the disk in another computer. In order to be able to access those files, he will need a private de-cryption key (certificate).

Check out the link I posted and you will learn more about EFS.

 

You know Zeb its like you and BR said its something to do with the keys that could unlock it, I learned that the hard way. But I dont understand why you were not able to access the encrypted files even though you have the keys. I am perplexed.

I'll look into it, see if I can find anything that will help you.

 

As I understand it EFS protected files can *only* be accessed either by the *original* account holder, or the admin for that box. The snag is that it uses UIDs for this. So if you take it to another box the UIDs don't match. Ditto if you do a reinstall.

(This - by the way - is why I won't use EFS - your keys can vanish if you aren't careful!)

I believe that you are *supposed* to export the keys to a floppy when using EFS to avoid this sort of problem!


I may have got some of this wrong as I don't use it - I prefer OpenSSL!

Harry.

 

UID and GUI wont change in a domain environment

 

Thats what I thought Ryan. When i get back in, I'm going to try and stick the disk in an XP box as a slave and see if I can pull the files from there. Failing that, I'm going to build another box from scratch and try booting into the O/S on the boot partition of the drive from teh FUBARed box.

Hopefully one of these will work - otherwise I'm in a world of pain, cos, as well as loads of stuff related to private customers (invoices etc), all my tax records from when I was contracting and large quantities of technical docs, all my pr0n is on there...

 

This should work, if it boots!

Now that is a disaster

 

Success!

Shoved it in as the primary on a 'spare' box I had lying around, and successfully pulled the encryption off all the files (and pr0n) that were on there. Strange though, sticking it in as a slave on an XP box didn't work - just shows I've got a LOT to learn about EFS

 

I can sense the relief from 12000 miles away

 

Glad to hear that you rescued your pr0n zeb. I guess the other stuff is just a bonus.

 

Ohhhhh you have NO idea how pleased I was to get that back. It was nice to get all my invoices, tax records, payslips, my CV, essential technical information and stuff back - but as nug says, that was all gravy - it's the filth that matters

 

wow all that data and losing it I cant imagin what you would feel like, but fortunatly you got it.