Link to home
Start Free TrialLog in
Avatar of DanniF
DanniF

asked on

Encrypted files under a domain that no longer exists!!

Hi guys,

I really need your help on this one! Here's the deal:

My company just changed domains (deleting subdomains for OU's). This is a Windows 2000 network.

It just so happens that a user has enabled encryption on a folder that contains VERY important billing information for our clients. Needless to say this annual billing should have happened yesterday (literally).

Encrypting folders is based on GUID's and only the owner of the folder or the EFS Recovery Agent (built in domain account) can decrypt these folders. These two are members of a domain that no longer exists and there is no existing copy of the Recovery Agent's private key.

I found one decrypting tool that didn't work.

The only solution I am seeing is that I find an old backup of the AD, restore it onto a machine (that is NOT network connected) get the files to this machine and decrypt.

Is this doable for you guys? Do you know another solution?

With thanks in advance,

Daniel F.
ASKER CERTIFIED SOLUTION
Avatar of sirbounty
sirbounty
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Purchase this one - it works - you could eventually try their free evaluation (only read)

Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions
http://www.elcomsoft.com/aefsdr.html

Next time, remember ...

HOW TO: Back Up the Recovery Agent Encrypting File System Private Key in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q241/2/01.asp&NoWebContent=1

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
that is a good idea also...
Avatar of DanniF
DanniF

ASKER

Hi guys and thanks to you all for the quick responses!

I have already tried AEFSDR, it finds some keys (most in red) and can not decrypt the files.

I have also tried EFS Key (which worked for the other guy in https://www.experts-exchange.com/questions/20916214/Files-encrypted-as-admin-user-under-one-domain-cannot-be-encrypted-by-admin-user-under-another-domain.html) and it got me to the point where it asks me for the user password, I enter the password for the user who can decrypt this file (verified by efsinfo) but it doesn't work.

I have tried to log on with oldname@olddomain.com with the cable unplugged, still no go.

I am seriously thinking about starting the restore of an old BDC although i prefer not to as this will be a long and painful process.

thanks,
Daniel F.
Hey sirbounty,

What was that other thread we were in sometime last week and they were able to log in with their old account somehow and decrypt them?
Avatar of DanniF

ASKER

Thats probably the one i just linked to no?
Ah...yes you be correct.
Yep. ;)
Welcome to the huddle once again diggisaur.  :D
Avatar of DanniF

ASKER

Hi guys,

Thanks for your help, after trying all tools and all solutions I could find I proposed the idea of restoring an old DC and the owner's of the file decided it wasn't necessary (phew).

Thank you all for your help and see you around the forums ;)

Best Regards,

Daniel F.
MCSA, MCSE, A+, Network+
Glad to of helped. :)