EFS encryption on a domain

I have a user who encrypted some files in her folder on a network share. She recently got a new computer and cannot access the files anymore. I also cannot decrypt them on the server using the administrator login in 2008R2.

She can get these files from someone else, but I was wondering how I can decrypt the files, if that is possible at all? I created a recovery agent and either do not know the proper way to decrypt the file or it's just not working or set up properly.
Asked by: Biofilminc

Biofilminc (Author) commented:
I had another user encrypt some files and I could open them and decrypt them with no problem.

So maybe the files I am having a problem with were encrypted before I created the recovery agent? Or is there an issue because these files came from a Mac?
Cris Hanna (Sr IT Support Engineer) commented:
You might take a look at this article, Data Recovery and Encrypting File System (EFS), written by a Microsoft Security MVP: http://technet.microsoft.com/en-us/library/cc512680.aspx
If you scroll down to the section on exporting, I believe you may have some options there. In general the recovery agent should be created at the time the files are encrypted.
Rich Rumble (Security Samurai) commented:
Correct, you have to create the recovery agent first. If you don't have the user's profile from the old machine, it's useless to try to recover even if you know the user's password. The password only protects the key used to encrypt; the key is not derived or determined from the user's password.
If you have access to the old HD I'd recommend you try the Elcomsoft AEFSDR.

Also, I'd recommend disabling EFS on your domain entirely. Files that are EFS encrypted now will still be accessible, but no future EFS files can be created. EFS is tough to manage and correctly secure; there are other options out there that may be a better choice.
I have two articles on EE you may be interested in reading:
http://www.experts-exchange.com/Security/Encryption/A_12132-Microsoft-EFS-Recovery.html

http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html
-rich
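The answers above turn on whether the recovery agent was in place when a file was encrypted, and that can be checked per file. The following PowerShell script is an added example, not part of the original thread: it parses `cipher /c` output for every EFS-encrypted file under a folder and reports whether the recovery agent's certificate is among the file's recovery certificates. It assumes English-language `cipher.exe` output and that it is run on the file server against the local path; `$Path`, `$DraThumbprint` and the function name `Get-EfsThumbprints` are placeholders introduced for illustration.

```powershell
# Added example. Assumes English cipher.exe output; run on the file server
# against the local path. $Path and $DraThumbprint are placeholders.
param(
    [string]$Path = 'D:\Shares\Users',                 # hypothetical share root
    [string]$DraThumbprint = '<DRA-CERT-THUMBPRINT>'   # thumbprint of the recovery agent certificate
)

function Get-EfsThumbprints {
    # Split `cipher /c` text into user and recovery-agent thumbprint lists.
    param([string[]]$CipherOutput)
    $result  = @{ Users = @(); Recovery = @() }
    $section = $null
    foreach ($line in $CipherOutput) {
        if     ($line -match 'Users who can decrypt') { $section = 'Users' }
        elseif ($line -match 'Recovery Certificates') { $section = 'Recovery' }
        elseif ($section -and $line -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            # Normalise "AB12 CD34 ..." to "AB12CD34..." for comparison.
            $result[$section] += ($Matches[1] -replace '\s', '').ToUpper()
        }
    }
    $result
}

$wanted = ($DraThumbprint -replace '\s', '').ToUpper()

Get-ChildItem $Path -Recurse -Force |
    Where-Object { -not $_.PSIsContainer -and
                   ($_.Attributes -band [IO.FileAttributes]::Encrypted) } |
    ForEach-Object {
        # cipher /c only reads the file's EFS metadata; it does not decrypt.
        $info = Get-EfsThumbprints (& cipher.exe /c $_.FullName)
        New-Object PSObject -Property @{
            File     = $_.FullName
            UserKeys = $info.Users.Count
            HasDra   = ($info.Recovery -contains $wanted)
        }
    } |
    Sort-Object HasDra |
    Format-Table File, UserKeys, HasDra -AutoSize
```

Files reported with `HasDra` false carry no copy of the file key encrypted to that recovery agent, so the agent cannot open them; they need the original user's certificate and private key.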
