EFS Data Recovery

  • Thread starter: Sukhwinder Singh

Sukhwinder Singh

Dear All,

We are facing a problem with the EFS encrypted files. We have 2 Windows 2003
Domains. Domain a.com and b.com. We are in process of migrating the users
from a.com to b.com. The users in a.com have Windows certificate server and
the users are using the certificates to encrypt the files using EFS. We have
installed the Certificate server in b.com domain and we are decrypting the
files from the a.com before user migration to b.com and then re-encrypting
those files in b.com domain.

Everything is working fine this way and users are able to get their files.
But with one user the issue happened and some files were not decrypted in the
old domain and we have migrated the user to b.com domain. After computer
migration we have also redirected his new profile to old profile so that he
can get his old data.

After this is done he has informed us that he is not able to open some of
the files which were encrypted. We have tried to recover those files using
recovery agent of old domain but in process of the same the Recovery agent
was removed from efs files. Now we are not able to open those files and also
we are not able to decrypt the files.

We have tried bringing the workstation to old domain and logged in with his
old profile but no use.

The files are very important for the user and he needs it back at any cost.
The user is of very very high profile so we have to get the files back.

Can someone help me to get the data back from those files?

Thanks and Regards,
 
You'll only get them back if they were properly
encrypted with keys which were also exported for
use in situations like this one. No keys,
corrupted keys, or bad keys just will not work.
One thing MS did right was get encryption right;
it cannot be broken by normal means. They will
have to be put back on the original machine they
were encrypted on and decrypted there, but the
original machine has to also be the very same set
of applications and OS they were encrypted under;
a repair install, anything like that ruined the
keys and they were all reassigned new keys and
hopefully, re-exported by the user. ARE they
still on that machine? IF so, start over again
and check the key exports first to be sure they
are ALL exported!
What MS did wrong was to not make it entirely
clear to users.

IME, once they're gone, they're gone.
They "MIGHT" be recoverable, at great expense,
by a company that specializes in such things but
it's going to take time and be expensive. Not to
mention being disclosed.

Time to also reconsider backup strategies.
Current ones didn't work & probably weren't
thought out well enough.

My 2 ¢; wish I was wrong, but ... pretty sure I'm
not.

Twayne


Where are his backups?
 