EFS encrypted files |
Post Reply | Page 12> |
Author | |
advantage
Newbie Joined: 28 Oct 2009 Status: Offline Points: 3 |
Post Options
Thanks(0)
Posted: 28 Oct 2009 at 11:06am |
I used profwiz not realizing a client had a folder encrypted with EFS under his local logon. Of course the files are not accessible under his new domain logon, nor are they accessible after being copied back to his local profile. The folder does not even show as encrypted.
Is there a way to recover the EFS certificate of the local logon and use it to decrypt the files? I tried the trial version of Elcomsoft's Advanced EFS Data Recovery, and no luck. Are the files unrecoverable? |
|
Support
Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Status: Offline Points: 1843 |
Post Options
Thanks(0)
|
Hi,
The following procedure has worked for other customers. As long as you copied the encrypted data to the other profile (and did not move it) the files should be recoverable. 1. Re-enable the original local user account (if you have not already done so.) 2. Logon with an administrator account and re-run User Profile Wizard. 3. Select the local machine name from the "Enter the domain" dropdown list on the "User Account Information" page. Enter the old local user account name. 4. Select the profile and migrate it back to the original local user account. Reboot. 5. Logon as the local user account. (The machine can still be on the new domain.) You should now have access to the data. 6. You will probably find that you are unable to remove encryption at the top folder level. However, by opening the folder and selecting all items, you should be able to remove encryption. 7. Once all the encryption has been removed you can run User Profile Wizard again and assign the profile to the new domain account. I hope this helps! |
|
advantage
Newbie Joined: 28 Oct 2009 Status: Offline Points: 3 |
Post Options
Thanks(0)
|
Thanks for the quick reply!
I will give it a try. What do you mean by copy vs. move? I didn't see an option to do one or the other. The encrypted files show up under the profile for the domain user account now, along with everything else. |
|
Support
Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Status: Offline Points: 1843 |
Post Options
Thanks(0)
|
You mentioned the files being "copied back" to the user's local profile. I was concerned that if they had been moved from the original profile you might have problems. It doesn't sound like that's the case though.
|
|
advantage
Newbie Joined: 28 Oct 2009 Status: Offline Points: 3 |
Post Options
Thanks(0)
|
They are decrypted. Thank you! Re: previous confusion - OK, I thought you were referring to copying or moving the profile initially. I did in fact copy the encrypted files to the old profile; in fact I had to use ntbackup to get around some "access denied" issues. I also had to take the PC off the domain to get around password policy rules because the original password did not meet the policy requirements. But once all that was done, I was able to decrypt the files. I am now re-running Profwiz to put the PC back onto the domain and migrate the profile again. Thanks again! |
|
macky.patio
Newbie Joined: 08 Jan 2012 Location: Philippines Status: Offline Points: 3 |
Post Options
Thanks(0)
|
Hi sorry for bringing up this post, but i have the same problem. i am a little bit confused about what you have said "copy the encrypted data to the other profile (and did not move it)". Does it mean that i have to copy the encrypted files to the old profile? or i just need to migrate it back using ForensiT? if i do need to copy those encrypted files, how will i do that? TIA.
|
|
Support
Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Status: Offline Points: 1843 |
Post Options
Thanks(0)
|
User Profile Wizard does not move copy or delete any files, so as long as you have not moved or copied anything the above procedure should work.
|
|
macky.patio
Newbie Joined: 08 Jan 2012 Location: Philippines Status: Offline Points: 3 |
Post Options
Thanks(0)
|
i believe User Profile Wizard just change the profile path of the local machine to the domain(by registry or something like that) cmiiw. Does it trigger the encryption of the files?
|
|
Support
Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Status: Offline Points: 1843 |
Post Options
Thanks(0)
|
No, User Profile Wizard does not trigger the encryption of files. This thread deals with files encrypted before a profile is migrated.
|
|
murga
Newbie Joined: 20 Oct 2021 Location: Goražde, B&H Status: Offline Points: 1 |
Post Options
Thanks(0)
|
Hi there, Profile migrated from domain without problem, but files remained encrypted without possibilities to decrypt them. Thanks in advance! |
|
Post Reply | Page 12> |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |