Solved

Recovering encrypted files after creating new SBS domain

Posted on 2009-04-02
9
219 Views
Last Modified: 2013-12-04
We had a Windows 2003 SBS R2 server crash a few months ago, and setup a new server.  It has the same domain name as it had before, but since we were unable to restore AD as it is new hardware, all machine and user accounts had to be created.  Since we only had 16 of each, it didn't take long to do, but obviously it created new profiles on each machine as well.  One of the users had encrypted tax documents that he needs for tax season, but since he logs into a different profile although the domain\user is the same as before, he cannot decrypt the files.  The old profile is still on the machine, but there was no private key exported before the server crashed.  The files were encrypted using a domain account on the previous domain controller.  Since that domain controller is no longer live, is there a way to log into the previous cached profile on the XP Professional laptop to decrypt the files?  If the domain name had been different, it wouldn't be an issue to log into the machine with the cached profile, but that domain\user combination brings up the new profile.
0
Comment
Question by:MikieTimT
  • 4
  • 4
9 Comments
 
LVL 87

Expert Comment

by:rindi
Comment Utility
If the utility below can't help, you are probably out of luck:

http://www.elcomsoft.com/aefsdr.html
0
 
LVL 34

Expert Comment

by:Michael-Best
Comment Utility
Remove HDD, then
Via (IDE)ATA /SATA as a slave drive on an XP machine / set drive jumper to slave.
0
 

Author Comment

by:MikieTimT
Comment Utility
I don't think that the tool above will help in this case.  From what I've read about EFS in a domain environment, the private key is stored on the domain controller rather than in the local filesystem, and that you cannot even access your encrypted files when offline.  Since the domain controller is what failed, the private key is no longer accessible unless XP somehow had something in the cached profile.  Can anyone confirm that there is no copy of the private key on the XP hard drive for offline use, or have I misunderstood?  If there is no private key available, are there any other options for recovering the files?
0
 
LVL 87

Expert Comment

by:rindi
Comment Utility
What failed on the original server? What about restoring a backup?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:MikieTimT
Comment Utility
The motherboard failed, and everything else was old enough that we couldn't justify buying a replacement motherboard.  So we couldn't do an AD restore on the new server that we purchased as a replacement, as the board in the new system was 2 generations newer than that of the old server.  So, we just restored the user files and mail and created everything new.
0
 
LVL 87

Expert Comment

by:rindi
Comment Utility
You could probably use the utility I linked to earlier if you either restore the complete backup of the old server to some other Box on the Disk you restore to. Or another option would be to use it to scan the disks of the old server if they still exist.
0
 

Author Comment

by:MikieTimT
Comment Utility
Unfortunately, that server crashed several months back, so no backups remain from that old server, and the disks got formatted and put into other systems, so we're hosed there.  I read that the tool could go through deleted data, but a complete format likely creamed any chance of getting anything of the old server disks.
0
 
LVL 87

Expert Comment

by:rindi
Comment Utility
Then I'm afraid the encrypted data is lost.
0
 

Accepted Solution

by:
MikieTimT earned 0 total points
Comment Utility
Actually, I ended up consulting Microsoft Professional Support, and after engaging an encryption support specialist, they had me try an internally developed tool, which required the path to the old profile as well as the password.  It then retrieved the old certificate into the current profile, and we were able to decrypt everything that was encrypted on that hard drive.  The file that was encrypted directly on a network drive on the old server was unfortunately not retrievable using the tool since the certificate would not have been accessible.  I appreciate your time in trying to help.  I thought I'd post the solution that worked for me for the benefit of other users.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
In this article we have discussed the manual scenarios to recover data from Windows 10 through some backup and recovery tools which are offered by it.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now