# Windows 7 encryption

Posted on 2011-03-02
Hello Geniuses,
I have a client with the following:
Win 7 x64, 300 GB HDD, 4 GB RAM.  He uses the program Calyx 7.2 for his business.  Issue is as follows:  Files are unable to be opened due to encryption (all in green).  Working with Calyx Support, they gave up and laid it at Microsoft's door.  We were able to remove Read Only and File Encryption on some files and folders but not the hundreds of files necessary for the user to see the mortgage info he needs. I have shut off and turned back on ntfsdisableencryption in the registry.  Did not help.  Calyx Support went after it with everything they could come up with.  Files cannot be unencrypted due to permission issues.  All files and folders have God privileges so copying, deleting, etc. should not be an issue, but it is.

Any ideas?
jwhite273
Question by:jwhite273
LVL 7

Expert Comment

ID: 35026033

When did the problem first occur?  Was the software ever able to access the files on the current PC?

Was it during migration from an old PC to a new one?


LVL 38

Expert Comment

ID: 35026255
You may have to try using Elcomsoft's AEFSDR tool, it works great, others have similar tools as well. It's only $149 and it works great: http://www.elcomsoft.com/aefsdr.html The one from Passware is $195: http://www.lostpassword.com/efs.htm I've had much more success with Elcomsoft's. Use the trial version first to make sure it's doing what you need it to do. You can take ownership and control of all files on the HD by using these instructions:
http://technet.microsoft.com/en-us/library/cc753659.aspx
-rich

LVL 64

Expert Comment

ID: 35034227
Typically you need to get the recovery certificate (done in the backup process when creating EFS files) to recover the EFS protected files. Or activate the data recovery (typically the local admin).
http://www.vistax64.com/tutorials/99956-encrypted-file-system-efs-certificate-restore.html
http://www.vistax64.com/tutorials/99948-encrypted-file-system-efs-certificate-backup.html

See the troubleshooting - Unable to Open Encrypted Files
http://technet.microsoft.com/en-us/library/bb457116.aspx#EBAA

http://www.microsoft.com/technet/community/columns/5min/5min-401.mspx

There is a more in-depth approach, though:
http://www.beginningtoseethelight.org/efsrecovery/index.php

Author Comment

ID: 35044600
Hi All,
Have read and tried the valid documents that dealt with my issue.  So far, nothing.  As I posted earlier, only the contents of two folders within the Calyx program folder are inaccessible.  I have taken ownership of all the folders etc. without success.  There has to be a way to get around this.  Any ideas?
Thanks,
jwhite273

LVL 38

Expert Comment

ID: 35044639
Mount the drive in another PC, like an XP one that doesn't respect the file permissions as much as Vista and 7 do. You can use an IDE/SATA to USB cable like this one: http://www.newegg.com/Product/Product.aspx?Item=N82E16812119244
or simply mount it as a secondary drive in another machine. It's often easier that way to gain access; failing that, you may even consider using Linux/Mac to read the drive, as they have very little respect for NTFS permissions, if any, and will let you read/copy any file you want. You can use the same USB adapter in Linux/Mac to read the drive.
-rich

Author Comment

ID: 35044843
Hi richrumble,
Sweet.  Very unique idea.  I do have an Ubuntu USB for AV purposes.  Never thought about the slave drive move.  I'll see the client on Monday and let you know.
Thanks,
jwhite273

LVL 64

Expert Comment

ID: 35045193
Agreed with richrumble, thinking along the same line. Maybe we can attempt the following:

a) Copy over to another non NTFS formatted drive such as FAT (formatted thumbdrive) - http://www.eriugena.org/code/sendto/sendto-EFS-Raw.pdf

b) Understand that EFS does not keep its data encrypted if transferred over the network; maybe try to copy the folder/file over to another network-mapped file server.

Author Comment

ID: 35087970
Ok, I tried pulling the drive and slaving it to my laptop (Win 7).  Data remained locked.  I used a Win XP ERD and tried to move data to my laptop drive.  Didn't work.  Booted my Ubuntu disk and tried the same, no go.  I'm at the end of my rope with this.  All the suggestions are good, but nothing is working.  I'm almost ready to have the client reenter all the data from paper files.

Last call, anyone have any other ideas?

LVL 38

Expert Comment

ID: 35089178
Have you tried the trial version of AEFSDR? It should tell you if the full version can recover the files. EFS is one of the worst encryption products to manage and use correctly. As to why you can't gain access to the files via ownership, I don't know why that is, but I guess you'd have to have that access first before Elcomsoft's AEFSDR would work...
-rich

Author Comment

ID: 35124121
Hi richrumble,
I've done everything except the AEFSDR.  I have a friend who is going to let me use his copy on this client's PC.  I'm seeing the client tomorrow, so it's this or nothing.
Thanks,
jwhite273

LVL 64

Expert Comment

ID: 35129164
Agree with richrumble: if we cannot even access the file to the extent of shifting it, I doubt software can do much, as it still depends on the OS to help in 'opening' access to the application. Do keep us posted.

Author Comment

ID: 35129306
Hello all,
AEFSDR did not work in this situation.  We are looking to get permissions to work on about 500 files.  I'm thinking rebuild now unless one of you folks has another trick up your sleeve.

Thanks,
jwhite273

LVL 38

Expert Comment

ID: 35130715
If AEFSDR didn't work then it's more than likely the FEK is not present on the local system. I'm not sure where one looks to try alternative FEKs or using the Domain Administrator keys. File encryption is good and bad. The bad part is, well it's technically the good part, but nonetheless recovery of the files is impossible (for argument's sake) if it's done right. Plain-text backups of the data are essential; failing that, the keys have to be backed up just as well. You may try to use the Cipher.exe command to perhaps help you track down the FEK for the files, if nothing else find the DRA that might help further:
cipher.exe /h /c c:\path\to\file(s) (before doing any of this make copies of the files, and do these commands on them...)
cipher.exe /r
There may be more options to use, but if AEFSDR didn't work, I'm not sure what else might. The files should be recovered from the PC they originally resided on for your best chance.
-rich
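
The check suggested above, as an added example that is not part of the original thread: it parses `cipher /c` output for the certificates that can unwrap a file's FEK (user and recovery agent) and reports whether the current profile holds a matching private key. The output layout, the function names and all sample values are assumptions made for this example.

```powershell
# Added example. Assumed `cipher /c` layout: "Users who can decrypt:" and "Recovery Certificates:"
# sections, each entry a name line followed by "Certificate thumbprint: XXXX XXXX ...".
function Get-EfsKeyHolder {          # hypothetical name
    param([string[]]$CipherOutput)
    $section = $null; $holder = $null
    foreach ($line in $CipherOutput) {
        $t = $line.Trim()
        if ($t -match '^Users who can decrypt:') { $section = 'User'; continue }
        if ($t -match '^Recovery Certificates:') { $section = 'DRA';  continue }
        if ($t -match '^Key Information:')       { $section = $null;  continue }
        if (-not $section -or -not $t) { continue }
        if ($t -match '^Certificate thumbprint:\s*([0-9A-Fa-f ]+)$') {
            New-Object PSObject -Property @{
                Role = $section; Holder = $holder
                Thumbprint = ($Matches[1] -replace '\s', '').ToUpper()
            }
        } else { $holder = $t }      # name line that precedes its thumbprint
    }
}
# Marks each certificate that wraps the FEK with whether its private key is available.
function Test-EfsRecoverable {       # hypothetical name
    param([string[]]$CipherOutput, [string[]]$HeldThumbprints)
    Get-EfsKeyHolder $CipherOutput | ForEach-Object {
        $held = $HeldThumbprints -contains $_.Thumbprint
        $_ | Add-Member -MemberType NoteProperty -Name PrivateKeyHeld -Value $held -PassThru
    }
}
# Constructed sample output (file name, accounts and thumbprints are made up).
$sample = @'
E loans.dat
  Users who can decrypt:
    PC1\owner [owner(owner@PC1)]
    Certificate thumbprint: AAAA 1111 BBBB 2222 CCCC 3333 DDDD 4444 EEEE 5555
  Recovery Certificates:
    PC1\Administrator [Administrator(Administrator@PC1)]
    Certificate thumbprint: 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567
  Key Information:
'@ -split "`r?`n"
# Constructed: the only private key in the profile belongs to a different certificate.
$heldSample = @('FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000')
Test-EfsRecoverable $sample $heldSample | Format-Table Role, Holder, Thumbprint, PrivateKeyHeld
# On a live system, run as the account that should be able to open the files:
#   $out  = cipher.exe /c 'C:\path\to\file'
#   $held = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.HasPrivateKey } |
#           ForEach-Object { $_.Thumbprint }
#   Test-EfsRecoverable $out $held
```

If every row shows `PrivateKeyHeld` as False, taking ownership or changing NTFS permissions will not open the files; a certificate with its private key has to be imported from a backup first.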


LVL 64

Expert Comment

ID: 35133631
The FEK is actually an alternate data stream of the file; that is why it is supported only in NTFS format. The command would help, and by default local admin is also the default recovery agent. If that can work out, suggest looking for forensic leftover instead.

LVL 38

Expert Comment

ID: 35133667
For domain-joined PCs the Domain admin is the DRA; for workgroup it's the local admin.
-rich

Accepted Solution

jwhite273 earned 0 total points
ID: 35150836
Hi all,
We have tried all the options you folks have come up with.  Every one sounds like it's the right one.  However, after about 6 hours invested in this machine, the client has decided to replace the box.  I do appreciate all the help from you folks.  You came up with options I never would have come up with myself and I am grateful.

jwhite

Author Closing Comment

ID: 35178816
Client purchasing new PC.  Everything we tried failed in his instance.

