Encrypted files after dcpromo


Hi experts, we have recently performed a DCPromo on a legacy server. The server is a Windows 2000 with SP4, the server held all of the FSMO roles and these have been moved to a Windows 2003 server.

The DCPROMO itself seemed fine, but two days after the DCPROMO a user mentioned that they could not connect to a file share that was on the old DC.

Upon investigation we found that the user has put encryption on the directory, thus not allowing us to copy, open, un-encrypt. We have the default recovery policy and I have logged in as Administrator.

Is there a way I can un-encrypt the files?
How do I find out what Key Encrypted the files?
Why would DCPROMO cause this issue?

Asked by: mallyon
 
KCTS Commented:
If the files are on a domain and have been encrypted with a domain account then by default the "administrator" (note THE Administrator - not a member of the administrators group) has the Data Recovery Agent key and can unencrypt the files.

If it's not on a domain, or a local account was used to encrypt the files, then there is no recovery agent by default.

Encryption is very good - if there is no recovery agent and the user has lost their certificate (a common cause is the resetting of a password - note RESETTING, not changing), then chances of recovery are small, which is why there is strong advice to back up the certificates. There is a utility called Elcomsoft EFS which claims to be able to recover encrypted files but it is unproven - I have yet to find anyone who says it has worked. See http://www.elcomsoft.com/aefsdr.html if you want to give it a try.

 
pistolslapper Commented:
I have only heard this and not tried it, but you could try copying the encrypted files to a disk formatted with a FAT32 partition. Someone told me once this can get you out of a jam using Windows encryption.
 
KCTS Commented:
@pistolslapper
NO that does not work - whoever told you did not know what they were talking about.
If it did work it would be a serious security flaw and render encryption useless ... in order to move an encrypted file to a FAT drive it has to be decrypted - and you can only do that if you have the certificate.
 
pistolslapper Commented:
Thanks for the clarification KCTS.

 
mallyon (Author) Commented:
Hi Experts

I think I found the killer line in http://support.microsoft.com/kb/241201
"the built-in Administrator account on the first domain controller in the domain is designated as the default recovery agent."

"first" being the killer

So is my only course of action to restore the domain controller?
 
CEORACE Commented:
No, there is a program available.  I will research and get back to you
 
CEORACE Commented:
If the files are important enough, ELCOMSOFT (elcomsoft.com) makes a program that recovers encrypted files. I made the same mistake once and had to use it. It recovered all my files. All the permissions, etc. are lost, but the files were fine. I don't recall, but I think I had to reset the read only flag on all of them, but small price to pay.

I looked on their website, and it is 149 for the standard edition.