Solved

Encryption file problem

Posted on 2012-03-12
7
269 Views
Last Modified: 2012-04-01
We recently moved all of our User Shared Folders from an SBS 2003 server to a 2008 R2 server.  Some of the users had encrypted data and we decrypted the data, copied to the 2008 server and then encrypted.  That all works fine.
The problem is I need to restore some files from our offsite backup that are several years old.
I found if I restore to the old SBS 2003 server the user can read.  If I restore the same files to the new server the user cannot open the files.  I did do an export of the recovery agent certs and restored on the 2008 server but the user still cannot read the files.

There must be a Cert buried somewhere that has been missed?
It would seem like we should be able to import the correct Cert onto the 2008 server so the user can read these older files.
Suggestions?
0
Comment
Question by:djpierce54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 10

Expert Comment

by:ImaCircularSaw
ID: 37713812
Is the domain admin account able to read the files?  Are the users the same or are their SIDs different?  It could be that once recovered, the files need to have their owner accounts re-set.
0
 

Author Comment

by:djpierce54
ID: 37714700
No the Domain Admins cannot read the files.
Only the user who created and originally encrypted the file can read it.

I do not think the SID changed as the accounts are the same on the AD.  Only thing was their files were redirected to a new server.

The problem I have is that the only way to read those old files is for the owner to have them restored to the old server and then the user needs to decrypt and move to the new server and encrypt.
The old server is about to be decommisioned .  That is why I posted this question.
0
 
LVL 10

Expert Comment

by:ImaCircularSaw
ID: 37714716
What are you using to encrypt the files?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:djpierce54
ID: 37714989
Each user just goes to the properties of the file or directory on their computer (like My Documents) and under the advanced option select to encrypt.
So it must use the resident server that stores these files for the encryption key.
0
 
LVL 10

Assisted Solution

by:ImaCircularSaw
ImaCircularSaw earned 250 total points
ID: 37715637
Here's a paper on the issue:

http://technet.microsoft.com/en-us/library/bb457065.aspx

The certificates used for encryption are self-signed by the user but should still exist on your CA.  If that CA is the old server it would explain why you'rt unable to decrypt the files without it being online.  You should be able to copy them onto another trusted root server/CA.
0
 

Accepted Solution

by:
djpierce54 earned 0 total points
ID: 37772897
I figured it out.  Had to use the Recovery Agent and dig out some old Certs.
The link to the KB got me on the right track
0
 

Author Closing Comment

by:djpierce54
ID: 37792682
I had to do further investigations and testing to resolve
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question