[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 694
  • Last Modified:

Decrypt encrypted files from a crashed HDD (Windows XP)

Hello,

After a crash, I installed a new version of Windows XP on my computer (on a new hard disk), and I cannot read encrypted data stored on my previous master HDD, which I now use as an external USB drive.
I tried to use ElcomSoft Advanced EFS Data Recovery software but it didn't work.
I also tried to take complete control of the files, but it didn't change anything.

My computer was registered in a domain managed on a server with Windows Small Business Server 2003 installed on it.
I remember that some part of encryption process have been configured using the server management interface. Do you think that it can be possible to decrypt my files from the server (I can get administrator access on it if needed)?

Thank you,
Julien
0
JulienVan
Asked:
JulienVan
2 Solutions
 
nicsaintCommented:
When you say "tried to take complete control of the files "did that include taking ownership" under Security - Advanced - Owner?
0
 
Kruger_monkeyCommented:
Have you got an EFS recovery agent setup on the domain?  If so you can use that more than likely to decrypt your files.

See the following for more info.

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1256137,00.html

General efs info

http://support.microsoft.com/kb/q223316/

http://www.windowsitpro.com/article/file-systems/how-can-i-add-a-user-as-an-efs-recovery-agent-for-a-domain-.aspx

0
 
JulienVanAuthor Commented:
Hi nicsaint,
Yes, I'm defined as the owner of the files, but I cannot decrypt them.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
JulienVanAuthor Commented:
Hi Kruger_monkey,

Thanks for you message.The recovery agent of the files is the administrator account of the server.

Your last link to add new users as recovery agents seems complicated for me, would you have other suggestions or a more simple way to do that?

Would it be possible to decrypt the files if I know the password of the recovery agent account?

Thank you
0
 
Kruger_monkeyCommented:
The last link was more for reference and wouldn't help you with existing encrypted files.  But if they were encrypted on the same domain/system as the recover agent, after the recovery agent had been setup then you should be able to recover them.

The first link covers that.
0
 
Kruger_monkeyCommented:
This article is a little more detailed than the first one, this will be mroe useful I think.

http://support.microsoft.com/kb/308993
0
 
JulienVanAuthor Commented:
Kruger_monkey,

if I want to decrypt the files using the recover agent, how can I do that?

Because the recovery agent is the administrator of the domain, on a remote server, so how can he access my encrypted files?

Do I have to configure my folder sharing so that my disk can be visible on the network by the other users of the domain?
0
 
Kruger_monkeyCommented:
Yes, the recovery agent will need to be able to see the files, been a while since I've used it, but pretty sure that as long as it is a valid DRA, you should just be able to browse to and then access the files.  After which you can then decrypt them..

See the following article, which goes into a lot of detail.

http://technet.microsoft.com/en-us/library/bb457020.aspx

Also check here

http://www.experts-exchange.com/Security/Encryption/Q_23053031.html
0
 
astralcomputingCommented:
Here is what I know. If you encrypt files using Windows encryption and you do not backup the key, you have a 2% chance of a professional firm cracking the encryption. It does not matter that you are the owner of the file, because you cannot decrypt without the key.

If Windows encryption was easily decrypted by a third party program, it would be useless.

You should look to the encryption process defined from your server and check for the keys. Good luck
0
 
JulienVanAuthor Commented:
Thanks for your comments guys, I can not share my files on the domain, but once I did, I'll update this post!
0
 
JulienVanAuthor Commented:
Sorry guys, I didn't find out how to share my folders to view it from the server. I'm going to give you the points and close the question, thanks for your help.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now