DanniF
asked on
Encrypted files under a domain that no longer exists!!
Hi guys,
I really need your help on this one! Here's the deal:
My company just changed domains (deleting subdomains for OU's). This is a Windows 2000 network.
It just so happens that a user has enabled encryption on a folder that contains VERY important billing information for our clients. Needless to say this annual billing should have happened yesterday (literally).
Encrypting folders is based on GUID's and only the owner of the folder or the EFS Recovery Agent (built in domain account) can decrypt these folders. These two are members of a domain that no longer exists and there is no existing copy of the Recovery Agent's private key.
I found one decrypting tool that didn't work.
The only solution I am seeing is that I find an old backup of the AD, restore it onto a machine (that is NOT network connected) get the files to this machine and decrypt.
Is this doable for you guys? Do you know another solution?
With thanks in advance,
Daniel F.
I really need your help on this one! Here's the deal:
My company just changed domains (deleting subdomains for OU's). This is a Windows 2000 network.
It just so happens that a user has enabled encryption on a folder that contains VERY important billing information for our clients. Needless to say this annual billing should have happened yesterday (literally).
Encrypting folders is based on GUID's and only the owner of the folder or the EFS Recovery Agent (built in domain account) can decrypt these folders. These two are members of a domain that no longer exists and there is no existing copy of the Recovery Agent's private key.
I found one decrypting tool that didn't work.
The only solution I am seeing is that I find an old backup of the AD, restore it onto a machine (that is NOT network connected) get the files to this machine and decrypt.
Is this doable for you guys? Do you know another solution?
With thanks in advance,
Daniel F.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
that is a good idea also...
ASKER
Hi guys and thanks to you all for the quick responses!
I have already tried AEFSDR, it finds some keys (most in red) and can not decrypt the files.
I have also tried EFS Key (which worked for the other guy in https://www.experts-exchange.com/questions/20916214/Files-encrypted-as-admin-user-under-one-domain-cannot-be-encrypted-by-admin-user-under-another-domain.html) and it got me to the point where it asks me for the user password, I enter the password for the user who can decrypt this file (verified by efsinfo) but it doesn't work.
I have tried to log on with oldname@olddomain.com with the cable unplugged, still no go.
I am seriously thinking about starting the restore of an old BDC although i prefer not to as this will be a long and painful process.
thanks,
Daniel F.
I have already tried AEFSDR, it finds some keys (most in red) and can not decrypt the files.
I have also tried EFS Key (which worked for the other guy in https://www.experts-exchange.com/questions/20916214/Files-encrypted-as-admin-user-under-one-domain-cannot-be-encrypted-by-admin-user-under-another-domain.html) and it got me to the point where it asks me for the user password, I enter the password for the user who can decrypt this file (verified by efsinfo) but it doesn't work.
I have tried to log on with oldname@olddomain.com with the cable unplugged, still no go.
I am seriously thinking about starting the restore of an old BDC although i prefer not to as this will be a long and painful process.
thanks,
Daniel F.
Hey sirbounty,
What was that other thread we were in sometime last week and they were able to log in with their old account somehow and decrypt them?
What was that other thread we were in sometime last week and they were able to log in with their old account somehow and decrypt them?
ASKER
Thats probably the one i just linked to no?
Ah...yes you be correct.
Yep. ;)
Welcome to the huddle once again diggisaur. :D
Welcome to the huddle once again diggisaur. :D
ASKER
Hi guys,
Thanks for your help, after trying all tools and all solutions I could find I proposed the idea of restoring an old DC and the owner's of the file decided it wasn't necessary (phew).
Thank you all for your help and see you around the forums ;)
Best Regards,
Daniel F.
MCSA, MCSE, A+, Network+
Thanks for your help, after trying all tools and all solutions I could find I proposed the idea of restoring an old DC and the owner's of the file decided it wasn't necessary (phew).
Thank you all for your help and see you around the forums ;)
Best Regards,
Daniel F.
MCSA, MCSE, A+, Network+
Glad to of helped. :)
Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions
http://www.elcomsoft.com/aefsdr.html
Next time, remember ...
HOW TO: Back Up the Recovery Agent Encrypting File System Private Key in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q241/2/01.asp&NoWebContent=1
Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark
:o) Your brain is like a parachute. It works best when it's open