Encryption file problem

We recently moved all of our User Shared Folders from an SBS 2003 server to a 2008 R2 server.  Some of the users had encrypted data and we decrypted the data, copied to the 2008 server and then encrypted.  That all works fine.
The problem is I need to restore some files from our offsite backup that are several years old.
I found if I restore to the old SBS 2003 server the user can read.  If I restore the same files to the new server the user cannot open the files.  I did do an export of the recovery agent certs and restored on the 2008 server but the user still cannot read the files.

There must be a Cert buried somewhere that has been missed?
It would seem like we should be able to import the correct Cert onto the 2008 server so the user can read these older files.
Suggestions?
djpierce54 Asked:
 
djpierce54 (Author) Commented:
I figured it out.  Had to use the Recovery Agent and dig out some old Certs.
The link to the KB got me on the right track
 
ImaCircularSaw Commented:
Is the domain admin account able to read the files?  Are the users the same or are their SIDs different?  It could be that once recovered, the files need to have their owner accounts re-set.
 
djpierce54 (Author) Commented:
No, the Domain Admins cannot read the files.
Only the user who created and originally encrypted the file can read it.

I do not think the SID changed as the accounts are the same on the AD.  Only thing was their files were redirected to a new server.

The problem I have is that the only way to read those old files is for the owner to have them restored to the old server and then the user needs to decrypt and move to the new server and encrypt.
The old server is about to be decommissioned.  That is why I posted this question.
 
ImaCircularSaw Commented:
What are you using to encrypt the files?
 
djpierce54 (Author) Commented:
Each user just goes to the properties of the file or directory on their computer (like My Documents) and under the advanced option select to encrypt.
So it must use the resident server that stores these files for the encryption key.
 
ImaCircularSaw Commented:
Here's a paper on the issue:

http://technet.microsoft.com/en-us/library/bb457065.aspx

The certificates used for encryption are self-signed by the user but should still exist on your CA.  If that CA is the old server it would explain why you're unable to decrypt the files without it being online.  You should be able to copy them onto another trusted root server/CA.
 
djpierce54 (Author) Commented:
I had to do further investigations and testing to resolve
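
Added example, not code from anyone in this thread: a PowerShell script that reads the certificate thumbprints a restored EFS file was encrypted to (user and recovery agent) and reports whether the matching private key is present in a certificate store on the machine where the file will be opened. It assumes Windows Vista/Server 2008 or later (where `cipher /c` is available) and English-language `cipher` output; the script name `Test-EfsKey.ps1`, the parameter names and the helper `Get-EfsThumbprint` are hypothetical.

```powershell
# Usage (hypothetical script name): .\Test-EfsKey.ps1 -Path D:\Restore\old-file.doc
param(
    [Parameter(Mandatory = $true)]
    [string]$Path,                                  # restored EFS file to inspect
    [string[]]$Stores = @('Cert:\CurrentUser\My')   # certificate stores to search
)

function Get-EfsThumbprint {
    param([string[]]$CipherOutput)
    # Assumption: English cipher /c output, which lists a "Users who can decrypt:"
    # section and a "Recovery Certificates:" section, each followed by
    # "Certificate thumbprint: XXXX XXXX ..." lines.
    $role = $null
    foreach ($line in $CipherOutput) {
        if ($line -match 'Users who can decrypt') { $role = 'User' }
        elseif ($line -match 'Recovery Certificates') { $role = 'RecoveryAgent' }
        elseif ($line -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            New-Object PSObject -Property @{
                Role       = $role
                Thumbprint = ($Matches[1] -replace '\s', '').ToUpper()
            }
        }
    }
}

$needed = @(Get-EfsThumbprint -CipherOutput (cipher.exe /c $Path))
if ($needed.Count -eq 0) {
    Write-Warning "No EFS certificate information returned for $Path"
    return
}

# Index every certificate in the selected stores by thumbprint.
$have = @{}
foreach ($store in $Stores) {
    Get-ChildItem -Path $store | ForEach-Object { $have[$_.Thumbprint] = $_ }
}

# Report, per thumbprint stamped on the file, whether a usable key exists here.
foreach ($n in $needed) {
    $cert = $have[$n.Thumbprint]
    if (-not $cert) { $status = 'certificate not in store' }
    elseif (-not $cert.HasPrivateKey) { $status = 'certificate present, private key missing' }
    else { $status = 'private key present' }
    New-Object PSObject -Property @{
        Role = $n.Role; Thumbprint = $n.Thumbprint; Status = $status
    }
}
```

A file opens only when at least one listed thumbprint shows `private key present` for the account opening it; a recovery agent certificate imported without its private key will show as present but cannot decrypt.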