Solved

Encryption file problem

Posted on 2012-03-12
Last Modified: 2012-04-01
We recently moved all of our User Shared Folders from an SBS 2003 server to a 2008 R2 server.  Some of the users had encrypted data and we decrypted the data, copied to the 2008 server and then encrypted.  That all works fine.
The problem is I need to restore some files from our offsite backup that are several years old.
I found if I restore to the old SBS 2003 server the user can read.  If I restore the same files to the new server the user cannot open the files.  I did do an export of the recovery agent certs and restored on the 2008 server but the user still cannot read the files.

There must be a Cert buried somewhere that has been missed?
It would seem like we should be able to import the correct Cert onto the 2008 server so the user can read these older files.
Suggestions?
0
Question by:djpierce54
 
LVL 10

Expert Comment

by:ImaCircularSaw
ID: 37713812
Is the domain admin account able to read the files?  Are the users the same or are their SIDs different?  It could be that once recovered, the files need to have their owner accounts re-set.
0
 

Author Comment

by:djpierce54
ID: 37714700
No, the Domain Admins cannot read the files.
Only the user who created and originally encrypted the file can read it.

I do not think the SID changed as the accounts are the same on the AD.  Only thing was their files were redirected to a new server.

The problem I have is that the only way to read those old files is for the owner to have them restored to the old server and then the user needs to decrypt and move to the new server and encrypt.
The old server is about to be decommissioned.  That is why I posted this question.
0
 
LVL 10

Expert Comment

by:ImaCircularSaw
ID: 37714716
What are you using to encrypt the files?
0
 

Author Comment

by:djpierce54
ID: 37714989
Each user just goes to the properties of the file or directory on their computer (like My Documents) and under the advanced option select to encrypt.
So it must use the resident server that stores these files for the encryption key.
0
 
LVL 10

Assisted Solution

by:ImaCircularSaw
ImaCircularSaw earned 250 total points
ID: 37715637
Here's a paper on the issue:

http://technet.microsoft.com/en-us/library/bb457065.aspx

The certificates used for encryption are self-signed by the user but should still exist on your CA.  If that CA is the old server it would explain why you're unable to decrypt the files without it being online.  You should be able to copy them onto another trusted root server/CA.
0
 

Accepted Solution

by:djpierce54
djpierce54 earned 0 total points
ID: 37772897
I figured it out.  Had to use the Recovery Agent and dig out some old Certs.
The link to the KB got me on the right track.
0
 

Author Closing Comment

by:djpierce54
ID: 37792682
I had to do further investigations and testing to resolve.
0
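
As an added example (not part of the original thread), the check below lists the EFS certificates a restored file was encrypted to and reports whether the logged-on account holds each one with its private key, which is what decides whether the file opens. It assumes English-language `cipher /c` output, PowerShell 3.0 or later, and a hypothetical `-Path` parameter pointing at one restored file.

```powershell
# Added example: map the thumbprints stored in a restored EFS file to the
# certificates available to the account running this script.
param(
    # Assumption: path to one EFS-encrypted file restored from backup.
    [Parameter(Mandatory = $true)] [string] $Path
)

# cipher /c reads the file's EFS metadata (no decryption needed) and prints
# "Certificate thumbprint: XXXX XXXX ..." under the headings
# "Users who can decrypt:" and "Recovery Certificates:".
$section = 'Unknown'
$needed = foreach ($line in (& cipher.exe /c $Path)) {
    switch -Regex ($line) {
        'Users who can decrypt' { $section = 'User' }
        'Recovery Certificates' { $section = 'RecoveryAgent' }
        'Certificate thumbprint:\s*(.+)$' {
            [pscustomobject]@{
                Role       = $section
                # Strip the spaces cipher inserts so the value matches the store.
                Thumbprint = ($Matches[1] -replace '\s', '').ToUpper()
            }
        }
    }
}

# Personal certificate store of the account running the script.
$mine = Get-ChildItem Cert:\CurrentUser\My

foreach ($n in $needed) {
    $cert = $mine | Where-Object { $_.Thumbprint -eq $n.Thumbprint }
    [pscustomobject]@{
        Role          = $n.Role
        Thumbprint    = $n.Thumbprint
        InStore       = [bool]$cert
        # A certificate without its private key cannot decrypt the file.
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        NotAfter      = $(if ($cert) { $cert.NotAfter } else { $null })
    }
}
```

Run it as the file's owner, and again as the recovery agent account after importing its exported certificate. A row where `HasPrivateKey` is false gives the thumbprint of the older certificate that still has to be exported together with its private key.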