Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

recovering an encrypted file

Status
Not open for further replies.
hbgpensfan

hbgpensfan

MIS
Nov 7, 2001
67
0
0
US
A workstation crashed at work and the user's profile was lost. I have reloaded the workstation, but I can't seem to open the encrypted files. The files are on a network share. The recovery agent is on the server but I get an error "The document may be read-only or encrypted".

I tried to use the efsinfo tool from the resource kit however when I run it to see the recovery agent it give me an error "overlapped i/o operation is in progress".

These files are relatively important so i really need to try and recover them. I'm scanning technet, but any help would be greatly appreciated.

Thanks
Bill Swanson
 
Sort by date Sort by votes
Hgbpensfan,

Can you log on as the user who encrypted these files and access them?

Patty [ponytails2]
 
Upvote 0 Downvote
The Key is stored in the user profile rather than in the user account so just being able to log as the user is no use. I don't suppose there are any local cached copies of the user profile hanging around on the network?

Ash.
 
Upvote 0 Downvote
Few questions,
As I understand the profile was local. Loosing the profile you were loosing the user private key.
Was it that workstation memebr of the domain? If yes, then the recovery agent is the one defined for the domain.
The idea is that recovery agent will be the one that was before the moment when user encrypt the files. So, if then workstation was not memeber of the domain, you lost the data. If it was, then another reason
"If you configure the roaming profile for the Administrator account and populate the information for the account from a DC other than a member server or the initial DC, you will lose the initial EFS recovery agent private key permanently, which will prevent you from decrypting any files encrypted with the EFS recovery agent's public key. "

If not, is the initial user (that install the OS). And in this case you lost the possibility to recover the files.

And for the future, use certifications, and the certificate for your recovery agent keep it in a safe place. Gia Betiu
m.betiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
 
Upvote 0 Downvote
Thanks everyone, I actually got them recovered using the recovery key on the domain. I'm not sure what was happening initially.

I have installed certificate services already and the keys have been stored away so this doesn't happen again. I was on the right track, I think a little bit of panic set in is all.

Thanks everyone.

Bill
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
109
microsGuy16
microsGuy16
jamescpp
  • Locked
  • Question
Adding an attribute to ADLDS
Replies
1
Views
66
jamescpp
jamescpp
JScannell
  • Locked
  • Question
File saving from browsers
Replies
1
Views
56
DrB0b
DrB0b
shmoes
  • Locked
  • Question
Delegating file admin permission
Replies
3
Views
63
SamBones
SamBones
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
53
penguinroundup
penguinroundup

Part and Inventory Search

Sponsor

Back
Top