Security Basics mailing list archives
RE: Decrypt File
From: "Jason Normanton" <netprouk () netprouk com>
Date: Sat, 17 May 2003 20:45:43 +0100
Hi guys,

There is a way around this with EFS if you have "accidentally" reinstalled the machine without saving the recovery agent. I have had to save lots of data this way.

For a non-domain or domain member system:

1. If the o/s has been re-installed, re-boot the machine into safe mode.
2. In properties for the encrypted data, re-assign the new local admin account certificate to the files as the recovery agent and take ownership of the files.
3. Reboot the machine as normal; the data will now be recoverable from the admin account.

Regards,
Jason Normanton
Senior Consultant (Directory Services Security)
http://www.Netprouk.com

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: 15 May 2003 20:22
To: 'James Yang'; security-basics () securityfocus com

-----Original Message-----
From: James Yang [mailto:guanghuyang () yahoo com cn]
Sent: May 14, 2003 20:39
To: security-basics () securityfocus com
Subject: Decrypt File

My system had a problem yesterday. I backed up my files and then reinstalled my W2K system. After I copied back my files I found I couldn't open the encrypted files. How can I open them? Could anyone give me a tip? Thanks.

I'm assuming that by "encrypted" you mean you've been using EFS (Encrypted File System), and that by "reinstalled" you mean something like "did a clean format and brand new installation".

EFS files can be decrypted and re-encrypted by the owner, or decrypted (only) by a designated recovery agent -- by default, the administrator account.

If you did a clean installation, the new installation has its own administrator account and (probably) personal account for you. None of the accounts from the previous installation exists any more.

I recommend, when people ask me, that EFS only be used in a *domain* context. That way, the default recovery agent is the domain administrator account, which will survive reinstalls of individual client machines, and even (if there are multiple domain controllers) reinstalls of any single domain controller.

I do not recommend its use on single stand-alone machines, because if neither the owner nor recovery agent account exists any more, your third alternative is to try to convince the FBI that Al Qaeda has hidden data in your encrypted files -- allegedly they've cracked EFS (although I suspect that what they actually did in Afghanistan was crack the administrator password, and that won't help you now).

David Gillett