[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Recovering encrypted files after creating new SBS domain

Posted on 2009-04-02
9
Medium Priority
?
231 Views
Last Modified: 2013-12-04
We had a Windows 2003 SBS R2 server crash a few months ago, and setup a new server.  It has the same domain name as it had before, but since we were unable to restore AD as it is new hardware, all machine and user accounts had to be created.  Since we only had 16 of each, it didn't take long to do, but obviously it created new profiles on each machine as well.  One of the users had encrypted tax documents that he needs for tax season, but since he logs into a different profile although the domain\user is the same as before, he cannot decrypt the files.  The old profile is still on the machine, but there was no private key exported before the server crashed.  The files were encrypted using a domain account on the previous domain controller.  Since that domain controller is no longer live, is there a way to log into the previous cached profile on the XP Professional laptop to decrypt the files?  If the domain name had been different, it wouldn't be an issue to log into the machine with the cached profile, but that domain\user combination brings up the new profile.
0
Comment
Question by:MikieTimT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 24057312
If the utility below can't help, you are probably out of luck:

http://www.elcomsoft.com/aefsdr.html
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24058161
Remove HDD, then
Via (IDE)ATA /SATA as a slave drive on an XP machine / set drive jumper to slave.
0
 

Author Comment

by:MikieTimT
ID: 24061884
I don't think that the tool above will help in this case.  From what I've read about EFS in a domain environment, the private key is stored on the domain controller rather than in the local filesystem, and that you cannot even access your encrypted files when offline.  Since the domain controller is what failed, the private key is no longer accessible unless XP somehow had something in the cached profile.  Can anyone confirm that there is no copy of the private key on the XP hard drive for offline use, or have I misunderstood?  If there is no private key available, are there any other options for recovering the files?
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 88

Expert Comment

by:rindi
ID: 24062685
What failed on the original server? What about restoring a backup?
0
 

Author Comment

by:MikieTimT
ID: 24063138
The motherboard failed, and everything else was old enough that we couldn't justify buying a replacement motherboard.  So we couldn't do an AD restore on the new server that we purchased as a replacement, as the board in the new system was 2 generations newer than that of the old server.  So, we just restored the user files and mail and created everything new.
0
 
LVL 88

Expert Comment

by:rindi
ID: 24063982
You could probably use the utility I linked to earlier if you either restore the complete backup of the old server to some other Box on the Disk you restore to. Or another option would be to use it to scan the disks of the old server if they still exist.
0
 

Author Comment

by:MikieTimT
ID: 24064258
Unfortunately, that server crashed several months back, so no backups remain from that old server, and the disks got formatted and put into other systems, so we're hosed there.  I read that the tool could go through deleted data, but a complete format likely creamed any chance of getting anything of the old server disks.
0
 
LVL 88

Expert Comment

by:rindi
ID: 24064278
Then I'm afraid the encrypted data is lost.
0
 

Accepted Solution

by:
MikieTimT earned 0 total points
ID: 24103759
Actually, I ended up consulting Microsoft Professional Support, and after engaging an encryption support specialist, they had me try an internally developed tool, which required the path to the old profile as well as the password.  It then retrieved the old certificate into the current profile, and we were able to decrypt everything that was encrypted on that hard drive.  The file that was encrypted directly on a network drive on the old server was unfortunately not retrievable using the tool since the certificate would not have been accessible.  I appreciate your time in trying to help.  I thought I'd post the solution that worked for me for the benefit of other users.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you ever consider purchasing any Daossoft Software Products, DON'T expect any meaningful support - This article should convince you why!
Employees depend heavily on their PCs, and new threats like ransomware make it even more critical to protect their important data.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question