My view on this is..................Unless you can crack EFS.
You need to reverse all the changes you made. Did you note down the computer name?
Printable View
My view on this is..................Unless you can crack EFS.
You need to reverse all the changes you made. Did you note down the computer name?
the thing is that everything on the disk in question can move or be overwritten but the encrypted files won't move at all ...
what can i do to make them usable ... i know the admin password ...
in what way are these hashes encrypted ... for christ sake i know the password there has to be a way to decrypt them
remmember ... i cannot boot the disk... i can only use it as secondary master on my machine which has a different admin account
the original computer name look similar to this "X-LFSDLKHJ34LHLDF" which is a random sequence that the installation makes up if you don't specify the name.... all i wanted to do was change it to something nice like "office"
I think your problem is highlighted here:-
Oops... hang on... Pressed Submit instead of Preview :oQuote:
File encryption uses a symmetric key, which is then itself encrypted with the public key of a public key encryption pair. The related private key must be available in order for the file to be decrypted. This key pair is bound to a user identity and made available to the user who has possession of the user ID and password. If the private key is damaged or missing, even the user that encrypted the file cannot decrypt it. If a recovery agent exists, then the file may be recoverable. If key archival has been implemented, then the key may be recovered, and the file decrypted. If not, the file may be lost. EFS is an excellent file encryption system—there is no "back door.
To continue....
Coupled with:-
Remember, when you change the domain or workgroup the user's identity, (SSID), changes too....Quote:
EFS keys are protected by the user's password.
And finally.... here:-
SourceQuote:
It might also result in a loss of data, if proper recovery steps aren't taken.
It seems to me that the appropriate recovery steps weren't taken, as the article says... It's easy to use but can "bite you in the....", Ok, I paraphrased.... Sorry...
If you have a _full backup_, (system state), of the old system you _might_ be able to recover the files otherwise, as it says here:-
you are up "that" creek without a paddle..... Since, as you already stated, the hashes are incomplete... IOW, the pair is no longer intact - due to the change of identity of the box itself.Quote:
File encryption uses a symmetric key, which is then itself encrypted with the public key of a public key encryption pair. The related private key must be available in order for the file to be decrypted. This key pair is bound to a user identity and made available to the user who has possession of the user ID and password. If the private key is damaged or missing, even the user that encrypted the file cannot decrypt it.
It's no longer an issue that you know the admin password... It's an issue of whether you can recreate the domain/workgroup SSID having an administator with the same password.... Good luck on that, SSID's are deliberately long, random and hard to guess.
I hate to say this, but it's time to move on......
This is your main problem, unless you can import the security certificates for the encrypted files, you need to get the disk to boot.Quote:
remmember ... i cannot boot the disk... i can only use it as secondary master on my machine which has a different admin account
Been there....done that.....(once computer name is changed, files don't belong to the original owner)
My solution was to attach the drive (direct IDE cable, or external USB box) to a Windows 2000 Server, then take ownership. Copy to a shared directory. Put the original hard drive back into its computer, and download the 'shared' files. (or burn to a CD)
Bit pricey if you don't have WIN 2K server.
why do i need windows 2000 server ... i do have it but it's not installed
did you use encryption as well on the files...
Windows 2000 server WILLl 'take ownership' of the files. No encryption on the files.
(I tried taking ownership with XP...but it wouldn't work)
I presume Win2K Server has more 'rights' than any operating system. (Just a guess)