Solved

Recovering encrypted files after creating new SBS domain

Posted on 2009-04-02
9
220 Views
Last Modified: 2013-12-04
We had a Windows 2003 SBS R2 server crash a few months ago, and setup a new server.  It has the same domain name as it had before, but since we were unable to restore AD as it is new hardware, all machine and user accounts had to be created.  Since we only had 16 of each, it didn't take long to do, but obviously it created new profiles on each machine as well.  One of the users had encrypted tax documents that he needs for tax season, but since he logs into a different profile although the domain\user is the same as before, he cannot decrypt the files.  The old profile is still on the machine, but there was no private key exported before the server crashed.  The files were encrypted using a domain account on the previous domain controller.  Since that domain controller is no longer live, is there a way to log into the previous cached profile on the XP Professional laptop to decrypt the files?  If the domain name had been different, it wouldn't be an issue to log into the machine with the cached profile, but that domain\user combination brings up the new profile.
0
Comment
Question by:MikieTimT
  • 4
  • 4
9 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 24057312
If the utility below can't help, you are probably out of luck:

http://www.elcomsoft.com/aefsdr.html
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24058161
Remove HDD, then
Via (IDE)ATA /SATA as a slave drive on an XP machine / set drive jumper to slave.
0
 

Author Comment

by:MikieTimT
ID: 24061884
I don't think that the tool above will help in this case.  From what I've read about EFS in a domain environment, the private key is stored on the domain controller rather than in the local filesystem, and that you cannot even access your encrypted files when offline.  Since the domain controller is what failed, the private key is no longer accessible unless XP somehow had something in the cached profile.  Can anyone confirm that there is no copy of the private key on the XP hard drive for offline use, or have I misunderstood?  If there is no private key available, are there any other options for recovering the files?
0
 
LVL 88

Expert Comment

by:rindi
ID: 24062685
What failed on the original server? What about restoring a backup?
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 

Author Comment

by:MikieTimT
ID: 24063138
The motherboard failed, and everything else was old enough that we couldn't justify buying a replacement motherboard.  So we couldn't do an AD restore on the new server that we purchased as a replacement, as the board in the new system was 2 generations newer than that of the old server.  So, we just restored the user files and mail and created everything new.
0
 
LVL 88

Expert Comment

by:rindi
ID: 24063982
You could probably use the utility I linked to earlier if you either restore the complete backup of the old server to some other Box on the Disk you restore to. Or another option would be to use it to scan the disks of the old server if they still exist.
0
 

Author Comment

by:MikieTimT
ID: 24064258
Unfortunately, that server crashed several months back, so no backups remain from that old server, and the disks got formatted and put into other systems, so we're hosed there.  I read that the tool could go through deleted data, but a complete format likely creamed any chance of getting anything of the old server disks.
0
 
LVL 88

Expert Comment

by:rindi
ID: 24064278
Then I'm afraid the encrypted data is lost.
0
 

Accepted Solution

by:
MikieTimT earned 0 total points
ID: 24103759
Actually, I ended up consulting Microsoft Professional Support, and after engaging an encryption support specialist, they had me try an internally developed tool, which required the path to the old profile as well as the password.  It then retrieved the old certificate into the current profile, and we were able to decrypt everything that was encrypted on that hard drive.  The file that was encrypted directly on a network drive on the old server was unfortunately not retrievable using the tool since the certificate would not have been accessible.  I appreciate your time in trying to help.  I thought I'd post the solution that worked for me for the benefit of other users.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
OfficeMate Freezes on login or does not load after login credentials are input.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now