July 01, 1999 01:01 PM

Inside Encrypting File System, Part 2

Rating: (0)
Mark Russinovich
Windows IT Pro
InstantDoc ID #5592
Learn how Win2K encrypts and decrypts files
Last month, I began this two-part series by introducing the basics of Encrypting File System (EFS). I concluded by discussing how EFS generates keys and stores the keys in an EFS attribute with the file the keys will encrypt. This month, I conclude my walk through the encryption process. I also discuss the decryption process and other functionality that the EFS driver provides, including encrypted file backup and restore and the ability to view information about encrypted files.

ARTICLE TOOLS

Want to use this article? Click here for options!

You must be a paid Professional Member to access this entire article.

Already a Professional Member? Please log in now:

NOT A PROFESSIONAL MEMBER? YOU CHOOSE:

Monthly or Annual

Professional Membership

VIP Membership

Compare Member Benefits

Add a Comment

This Might work for u
http://www.crackpassword.com/products/prs/otherms/efs/

deltree 5/7/2004 2:20:14 PM

I had a similar problem, I found if you used the windows backup utility to backup the files (making sure to uncheck 'keep security settings') and then restore them, the files were again usable.

michael 11/5/2002 9:20:23 AM

i had a similar problem to paul's comment..
my computer installed a scsi driver without asking me if it was a scsi..then it caused windows xp to stop loading and responding to any stimuli..thus i had to reinstall win xp
now part of my NTFS EFS files are completely unreadable!!!!!!!!!!!
i have tried for days to trick it into letting me decrypt it or atleast copy it! but NOOOOOOO......this is a BAD BAD situation if you had not worried about EFS and never saved a good backup key

jr 5/15/2002 3:48:33 AM

If you RE-install win2k server over itself, thus keeping all SAM and config options intact, it seems the server creates a new key pair for the Admin account, which now renders all Encrypted (by the admin) files/folders unreadeable since the new key pair is generated for both teh user ADMIN and the Recovery agent ADMIN (if their in their default config, which they are in our case). This is problem, as we have lost access to considerable information. Further checking shows that the original certificate for both USER admin and RECOVERY agent ADMIN are both intact and stored along with the new certificate in SystemCertificate. This can be determined by using EFSINFO.EXE with the /C /R /U options to produce a Certificate Hash thumbprint.

Now, if the original certificate's seem intact, how can we import or change the certificate usage back to the old one so we can decrypt/use the files?

We made an attempt at changing the hash string in HKCU/../EFS/CurrentKeys to the original hash string and rebooted, the edit we made stayed after the re-boot, but the files were still unaccesible, and eventually when we checked again (an hour or so later) the system had changed the key/hash value back to it's original value. This was only a shot in the dark attempt, and not a known way to fix this.

Please any help would be greatly appreciated as this is the companies DC and needs to be back up Tuesday morning, 1/22/02. Thanks.

Paul1/17/2002 1:51:09 PM

You must log on before posting a comment.

Are you a new visitor? Register Here

Related Content

windows server 2008 login scripts

I have 2 win2k8 servers one pdc and bdc. The domain is exampledom.com They are connected to 2 iscsi luns which replicate each other. We are running ac...222-96118

advertisement

GOOGLE LINKS
SPONSORED LINKS
FEATURED LINKS

White Papers

Your remote offices contain valuable electronic data – are they adequately protected? Learn how proven technologies can reliably and cost-effectively back up a branch office from a central location, in real time, to disk or tape, and even utilize existing backup solutions.

Downloads

PacketTrap IT is a comprehensive and affordable network management and application monitoring solution that solves problems associated with bandwidth, network and application performance, and connectivity. Gain insight into your network - try PacketTrapIT free for 21 days!

Web Seminars

IT administrators have to solve a myriad of problems. This web seminar outlines the ten most common systems management pains - including managing highly distributed systems and dealing with data theft/loss – and the best practices to address each.

eLearning Series

We bring the experts direct to you to share their real-world perspective and expertise. During each event, three sessions stream in real time, so you can learn, ask questions, and get solutions.
Upcoming event: Getting the Most with Exchange 2010 with Paul Robichaux

Subscribe to Windows IT Pro!

DevProConnections ITTV Left-Brain SharePointPro Connections SQL Server Magazine SuperSite for Windows Windows IT Pro

© Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.