
In DESPERATE need of help for xp pro sp2

Status
Not open for further replies.

dhalix

Technical User
Jun 22, 2011
3
GB
Can someone please help me, I'm at my wits' end.
I have XP Pro with SP2, been away for 2-3 years, now I've come back and forgotten the password. So I used EBCD and got into my system but stupidly forgot that I had used the EFS on my files and folders, and now as you can imagine I can't get into them.
What I would like to know is: is there any way of finding out the password that I originally had through the hashes or anywhere in the registry? PLEASE HELP ME!
I've tried to add the Admin user to the certs but nothing. It's such a pain, but I'm hoping that some Microsoft genius that frequents this forum must know a back door or something; they (Microsoft) couldn't be that wicked and not have left a way in.

I really need my files now that I'm back as I can't do any work without them.

I've tried doing the following but it didn't work, so anybody have any ideas?

1. Login as Administrator

2. Go to Start/Run and type in cmd and click OK.

At the prompt type cipher /r:Eagent and press enter

This prompt will then display:

Please type in the password to protect your .PFX file:

Type in your Administrator password
Re-confirm your Administrator password

The prompt will then display

Your .CER file was created successfully.
Your .PFX file was created successfully.

The Eagent.cer and Eagent.pfx files will be saved in the current directory that is shown at the command prompt. Example: if the command prompt displays C:\Documents and Settings\admin>, the two files are saved in the admin folder. (For security concerns, you should house the two files in your Administrator folder or on a USB stick.)

3. Go to Start/Run and type in certmgr.msc and click OK. This will launch the Certificates Manager. Navigate to Personal and right click on the folder and select All Tasks/Import. The Certificate Import Wizard will appear. Click Next. Browse to the C:\Documents and Settings\admin folder. In the Open dialog box, change the Files of Type (at the bottom) to Personal Information Exchange (*.pfx,*.P12). Select the file Eagent.pfx and click Open. Click Next. Type in your Administrator password (leave the two checkboxes blank) and click Next. Make sure the radio button is active for the first option (Automatically select the certificate store based on the type of certificate). Click Next. Click Finish. (You'll receive a message that the import was successful.) To confirm the import, close Certificates Manager and re-open it. Expand the Personal folder and you will see a new subfolder labeled Certificates. Expand that folder and you will see the new entry in the right side column. Close Certificate Manager.

4. Go to Start/Run and type in secpol.msc and click OK. This will launch the Local Security Policy. Expand the Public Key Policies folder and then right click on the Encrypted File System subfolder and select Add Data Recovery Agent... The Wizard will then display. Click Next. Click the Browse Folders... button. Browse to the C:\Documents and Settings\admin folder. Select the Eagent.cer file and click Open. (The wizard will display the status User_Unknown. That's ok). Click Next. Click Finish. You will see a new entry in the right side column. Close the Local Security Policy.





PLEASE ANYONE?
 
This is from the wiki, so it doesn't sound good.

Recovery

Files encrypted with EFS can only be decrypted by using the RSA private key(s) matching the previously-used public key(s). The stored copy of the user's private key is ultimately protected by the user's logon password. Accessing encrypted files from outside Windows with other operating systems (Linux, for example) is not possible — not least of which because there is currently no third party EFS component driver. Further, using special tools to reset the user's login password will render it impossible to decrypt the user's private key and thus useless for gaining access to the user's encrypted files. The significance of this is occasionally lost on users, resulting in data loss if a user forgets his or her password, or fails to back up the encryption key. This led to coining of the term "delayed recycle bin", to describe the seeming inevitability of data loss if an inexperienced user encrypts his or her files.

If EFS is configured to use keys issued by a Public Key Infrastructure and the PKI is configured to enable Key Archival and Recovery, encrypted files can be recovered by recovering the private key first.
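The key chain described in the quoted passage, as an added example that is not part of the original thread or the quoted article. It is a simplified model: a toy symmetric wrap stands in for the real password-based protection and for RSA, and all names and sample values are constructed. It shows why an offline password reset leaves the private key sealed, and why a recovery agent created after the files were encrypted has no key field in them.

```python
import hashlib, hmac, os

def kdf(password, salt):                 # password -> key that wraps the EFS private key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

def _xor(key, data):                     # toy stream cipher for this model only
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

def wrap(key, secret):                   # encrypt and append an integrity tag
    ct = _xor(key, secret)
    return ct + hmac.new(key, b"tag" + ct, "sha256").digest()

def unwrap(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + ct, "sha256").digest()):
        raise PermissionError("key does not open this blob")
    return _xor(key, ct)

class Account:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.login_hash = hashlib.sha256(password.encode()).digest()  # stand-in for the SAM entry
        self.wrapped_efs_key = wrap(kdf(password, self.salt), os.urandom(32))
    def unlock(self, password):          # logon: the typed password unwraps the private key
        return unwrap(kdf(password, self.salt), self.wrapped_efs_key)
    def offline_reset(self, new):        # reset tool: overwrites the hash, nothing else
        self.login_hash = hashlib.sha256(new.encode()).digest()

def encrypt_file(data, keys):            # recipients are fixed at encryption time
    fek = os.urandom(32)                 # per-file encryption key
    return {"body": wrap(fek, data), "fields": {n: wrap(k, fek) for n, k in keys.items()}}

def decrypt_file(f, name, key):
    if name not in f["fields"]:
        raise PermissionError(f"no key field for {name} in this file")
    return unwrap(unwrap(key, f["fields"][name]), f["body"])

def attempt(f, name, get_key):
    try:
        return decrypt_file(f, name, get_key())
    except PermissionError as e:
        return str(e)

def scenario():
    user = Account("old-pass")           # constructed sample password
    f = encrypt_file(b"report", {"user": user.unlock("old-pass")})
    user.offline_reset("new-pass")       # the boot-CD reset from the thread
    return [attempt(f, "user", lambda: user.unlock("new-pass")),
            attempt(f, "agent", lambda: os.urandom(32)),   # agent created afterwards
            attempt(f, "user", lambda: user.unlock("old-pass"))]
```

In this model only the third attempt, made with the original password, returns the file contents. The practical safeguard is to export the EFS certificate and private key, or configure a recovery agent, before any files are encrypted.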
 
Damn it, OK.

Does the SAM hold any fragments of the old password as I only need to know the first letter or something of the old password for me to remember it?
 
Probably, but it will be encrypted also, I think. If not, do a Google search for password and key recovery programs; there are a few that work pretty good.
 
Cheers mate, I've found one that's called Advance EFS data recovery and I'm just trying that out now.
 