+ Post New Thread
Results 1 to 7 of 7
Windows Thread, Fun with EFS in Technical; Ok, has anyone ever had to recover files encrypted using 2k3/XP's Encrypted File System? One of our office staff decided ...
  1. #1

    Join Date
    Jun 2005
    Location
    Elgin, Scotland
    Posts
    387
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    23

    Fun with EFS

    Ok, has anyone ever had to recover files encrypted using 2k3/XP's Encrypted File System? One of our office staff decided to encrypt an archive of files held on the Staff Shared drive when she started last year. Unfortunately her profile appears to have lost the EFS key and she now can't access these files. And neither can I.

    Anyone got any ideas?

  2. #2

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,926
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Fun with EFS

    just seen this while looking for something else

    http://tcpmag.com/forums/forum_posts...646&pn=1&Tpn=1

    Russ

  3. #3

    Join Date
    Jun 2005
    Location
    Elgin, Scotland
    Posts
    387
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    23

    Re: Fun with EFS

    Oh well, she's buggered then. The linked post gave a link to a KB article which basically said that if you do not have a backup of the user's EFS Key or the DRA's EFS Key then ur up Faeces Creek with out a paddle.

    And I can't locate either key where they should be.


    That'll teach her not to encrypt things without asking the Admins. :twisted:

  4. #4
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,966
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Fun with EFS

    Researching AUP's and the "law" it says that if anyone encrypts data on your network they have to give the administrator that password. And it's said like that should be stated in the AUP too.

  5. #5
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: Fun with EFS

    I'm no expert, but I thought that the Domain Administrator is, by default, the DRA??

  6. #6

    Join Date
    Jun 2005
    Location
    Elgin, Scotland
    Posts
    387
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    23

    Re: Fun with EFS

    Yep AJB, that Domain Admin is indeed the DRA, but that account can't access the files either. I can't find a certificate in either account.

  7. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Fun with EFS

    You need to make a secondary certificate assigned to the domain admin (or some other sensible account) that can decrypt the EFS files. I'm sure I've seen a MS whitepaper or some such on the matter.

    Ah, here we are:

    http://www.microsoft.com/technet/pro.../dataprot.mspx

SHARE:
+ Post New Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •