Solved

Windows 7 encryption issues

Posted on 2014-04-14
11
320 Views
Last Modified: 2014-05-18
Hello,

I had encrypted some files on a customers Windows 7 pc a few years ago using the windows encryption by right clicking and choosing advanced properties and then choosing encrypt files. I had recently used a program to copy the profile and join the pc to a domain. Well now the user can't open the encrypted files which are very important. Is there a program or something that I can get to decrypt these? When I try to decrypt them it just says I don't have permissions. I tried logging into the old local account but the files aren't there anymore as they have been copied to the domain profile now.
0
Comment
Question by:jands
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39998810
When you encrypted the files, did it provide a decryption key that you saved somewhere?
0
 

Author Comment

by:jands
ID: 39998842
I don't remember.
0
 
LVL 4

Expert Comment

by:Niabingi
ID: 39998929
if the machine is on the domain it should have a recovery key in AD, are you able to find the pc in AD, if so right click and go to properties and select the bitlocker tab, the password should be there, see attached file.
bitlocker.JPG
0
 

Author Comment

by:jands
ID: 39998931
The files were encrypted prior to being joined to the domain.
0
 
LVL 4

Expert Comment

by:Niabingi
ID: 39998954
oh I see so it is file encryption not drive encryption, you may have to try a third party software or a file recovery service.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39999531
If you have the old PC good, you will not have the EFS keys in AD, they are on the old computer and you cannot recover without them. If you can't locate them, you really are out of luck, have a look at my articles here:
http://www.experts-exchange.com/Security/Encryption/A_12132-Microsoft-EFS-Recovery.html
-rich
0
 

Author Comment

by:jands
ID: 40000225
Ok let me explain better.

Windows 7 Professional computer name was Owner-PC and it was in a workgroup. The user logging into the PC was Bob. I then used ForensIT User Profile Wizard 3.5 to copy the profile and join it to the domain with PC Name OPTI05. I then logged into the machine as domainname\bobsmith and the profile was there. I tried to open the encrypted files and access was denied. I tried EFS recovery tools and nothing was able to be decrypted. I then changed the machine name back to Owner-PC and logged in with the original Bob account and the data was still not readable.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40000257
It sounds like the files actually did get encrypted when you used one of those software apps.
I have not used either one, but it appears the problem was created at that point.

Questions:

Do you take a backup of his data before starting?
Are there any previous versions of backups Bob may have taken?
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 40000267
I've never failed the recovery using AEFSDR, the trial version should be able to tell you if you can fully recover it or not. If AEFSDR scan's the HDD and can't find the certificates then I doubt a professional will do much better. Passware is about equal to AEFSDR, so if neither of those trials cannot find the certs, you will not recover those files. The certs are always on the machine however, in the personal certificate store, unless you delete them specifically or reimage the machine, even after joining or unjoining a domain. They aren't available to everyone, but typically you can import them and they will work.
-rich
0
 

Author Closing Comment

by:jands
ID: 40073598
AEFSDR worked like a charm.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40073708
I love that program :)
-rich
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VHDX file 11 73
File Encryption 12 44
Where to place the SSL Encryption: IIS or Application (SAS) level? 3 71
Zepto Ransomware - Decrypt/Restore files 5 240
When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now