Solved

Recovering encrypted files after creating new SBS domain

Posted on 2009-04-02
9
226 Views
Last Modified: 2013-12-04
We had a Windows 2003 SBS R2 server crash a few months ago, and setup a new server.  It has the same domain name as it had before, but since we were unable to restore AD as it is new hardware, all machine and user accounts had to be created.  Since we only had 16 of each, it didn't take long to do, but obviously it created new profiles on each machine as well.  One of the users had encrypted tax documents that he needs for tax season, but since he logs into a different profile although the domain\user is the same as before, he cannot decrypt the files.  The old profile is still on the machine, but there was no private key exported before the server crashed.  The files were encrypted using a domain account on the previous domain controller.  Since that domain controller is no longer live, is there a way to log into the previous cached profile on the XP Professional laptop to decrypt the files?  If the domain name had been different, it wouldn't be an issue to log into the machine with the cached profile, but that domain\user combination brings up the new profile.
0
Comment
Question by:MikieTimT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 24057312
If the utility below can't help, you are probably out of luck:

http://www.elcomsoft.com/aefsdr.html
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24058161
Remove HDD, then
Via (IDE)ATA /SATA as a slave drive on an XP machine / set drive jumper to slave.
0
 

Author Comment

by:MikieTimT
ID: 24061884
I don't think that the tool above will help in this case.  From what I've read about EFS in a domain environment, the private key is stored on the domain controller rather than in the local filesystem, and that you cannot even access your encrypted files when offline.  Since the domain controller is what failed, the private key is no longer accessible unless XP somehow had something in the cached profile.  Can anyone confirm that there is no copy of the private key on the XP hard drive for offline use, or have I misunderstood?  If there is no private key available, are there any other options for recovering the files?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 88

Expert Comment

by:rindi
ID: 24062685
What failed on the original server? What about restoring a backup?
0
 

Author Comment

by:MikieTimT
ID: 24063138
The motherboard failed, and everything else was old enough that we couldn't justify buying a replacement motherboard.  So we couldn't do an AD restore on the new server that we purchased as a replacement, as the board in the new system was 2 generations newer than that of the old server.  So, we just restored the user files and mail and created everything new.
0
 
LVL 88

Expert Comment

by:rindi
ID: 24063982
You could probably use the utility I linked to earlier if you either restore the complete backup of the old server to some other Box on the Disk you restore to. Or another option would be to use it to scan the disks of the old server if they still exist.
0
 

Author Comment

by:MikieTimT
ID: 24064258
Unfortunately, that server crashed several months back, so no backups remain from that old server, and the disks got formatted and put into other systems, so we're hosed there.  I read that the tool could go through deleted data, but a complete format likely creamed any chance of getting anything of the old server disks.
0
 
LVL 88

Expert Comment

by:rindi
ID: 24064278
Then I'm afraid the encrypted data is lost.
0
 

Accepted Solution

by:
MikieTimT earned 0 total points
ID: 24103759
Actually, I ended up consulting Microsoft Professional Support, and after engaging an encryption support specialist, they had me try an internally developed tool, which required the path to the old profile as well as the password.  It then retrieved the old certificate into the current profile, and we were able to decrypt everything that was encrypted on that hard drive.  The file that was encrypted directly on a network drive on the old server was unfortunately not retrievable using the tool since the certificate would not have been accessible.  I appreciate your time in trying to help.  I thought I'd post the solution that worked for me for the benefit of other users.
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to generate a csr to request an intermediate ca on os x 3 91
is this a virus? 3 107
Event ID 1054 Userenv 2 90
sync two window 10 machine 7 49
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Employees depend heavily on their PCs, and new threats like ransomware make it even more critical to protect their important data.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question