?
Solved

BartPE and EFS

Posted on 2008-06-19
4
Medium Priority
?
950 Views
Last Modified: 2012-05-05
I am looking for a way to build a BartPE image that will allow me to import a users EFS certificates so that I can decrypt and recover their files. Thanks!
0
Comment
Question by:jbyrd1981
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 25

Expert Comment

by:slam69
ID: 22023302
Hi,

This isnt possible for the very reason that you wouldnt want to buold an image that included an individuals EFS certificate otherwise each time you install the image the certfifcate would be included great if you only have one user but if your deploying to lots of users then teh certficate could get wrongly used.

id recommend always making sure the efs is done as a standalone task
0
 
LVL 1

Author Comment

by:jbyrd1981
ID: 22026738
Another option I have been researching is using windows backup utility to copy the users profile. From what I understand it will copy the files even if encrypted with EFS. This way I can put in the BartPE disk into the computer with the bad drive, copy the users profile to an external location, then move that data to a new machine and import their certs. I have tried using a nt5backup plugin for Bart but have not been able to get it to work correctly. Any ideas??
0
 
LVL 25

Assisted Solution

by:slam69
slam69 earned 400 total points
ID: 22033511
Hmm interesting idea and have to be honest its not something I have tried I just know you cant put an EFS certificate onto PE.

Does sound feasible what you are looking into does the back up complete at the least if so i would recommend setting up a network storage area for admins only of your EFS cert backups and backing up the data, then in the event of driver failure you restore the backup of teh encrypted files and pull the necessary certificate out your storage area?

Tyhats a method i have seen employed before
0
 
LVL 1

Accepted Solution

by:
jbyrd1981 earned 0 total points
ID: 22080474
I got it to work! All EFS files were copied and I put the users profile on another machine and it came back up great. Once their certs were available they had access to all the files EFS'd on the bad drive. I could never get the plugin for nt5backup to work for BartPE so I just used the one on the drive that I was recovering data from, it is in the c:\Windows\System32 folder. There are some errors initially but I found that if you disable volume shadow copy it works flawlessly and copies the users profile including EFS files to an extermal drive I had hooked up. Thanks for all the help though!
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question