Encrypted Files

  • Thread starter Thread starter JJ
  • Start date Start date
J

JJ

Hello-

I have a windows XP laptop that is part of a windows domain. The user
encrypted some important files on a d:\subfolder. Windows started to act
weird and windows was reinstalled. All the files on D drive are intact but
the user is unable to access them and gets a access denied error. We have an
enterprise CA in our domain as well. I was wondering if it's possible to
recover those files.I tried third party utilities with no luck. Any help
will be much appreciated.


Thanks,
 
JJ said:
Hello-

I have a windows XP laptop that is part of a windows domain. The user
encrypted some important files on a d:\subfolder. Windows started to act
weird and windows was reinstalled. All the files on D drive are intact but
the user is unable to access them and gets a access denied error. We have an
enterprise CA in our domain as well. I was wondering if it's possible to
recover those files.I tried third party utilities with no luck. Any help
will be much appreciated.
Click to expand...

The domain administrator should be the recovery agent for the files,
have him recover the files.

John
 
JJ said:
I have a windows XP laptop that is part of a windows domain. The
user encrypted some important files on a d:\subfolder. Windows
started to act weird and windows was reinstalled. All the files on
D drive are intact but the user is unable to access them and gets a
access denied error. We have an enterprise CA in our domain as
well. I was wondering if it's possible to recover those files.I
tried third party utilities with no luck. Any help will be much
appreciated.
Click to expand...

In what way does the user logon to the laptop (local account or domain
account?)

Were best practices for EFS followed?

Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316

- Were the certificates and private keys exported to removable media before
the incident where the system was rebuilt?
- Were recovery agents created / utilized?

Although there is much discussion about this - in general - if the best
practices are not followed and access to the encrypted files are ever lost
(with no hope of reverting to a previous state/image) - then the data
contained within the encrypted files is practically gone. ( I say
practically - because if you have a couple of lifetimes - anything is
possible. ;-) )

Wouldn't be much of a protection scheme if there was some easy back door
anyone could use to get in, would it?
 
no best practices were followed. I was reading a article and it mentioned
that the administrator account is the default recovery agent in a domain.
Would this help me in any way? BTW- No keys were exported.

Thanks,
 
Back
Top