Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: big problem ... need help

  1. #11
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    My view on this is..................Unless you can crack EFS.
    You need to reverse all the changes you made. Did you note down the computer name?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  2. #12
    Banned
    Join Date
    Aug 2004
    Posts
    534
    the thing is that everything on the disk in question can move or be overwritten but the encrypted files won't move at all ...

    what can i do to make them usable ... i know the admin password ...

    in what way are these hashes encrypted ... for christ sake i know the password there has to be a way to decrypt them

    remmember ... i cannot boot the disk... i can only use it as secondary master on my machine which has a different admin account

  3. #13
    Banned
    Join Date
    Aug 2004
    Posts
    534
    the original computer name look similar to this "X-LFSDLKHJ34LHLDF" which is a random sequence that the installation makes up if you don't specify the name.... all i wanted to do was change it to something nice like "office"

  4. #14
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I think your problem is highlighted here:-

    File encryption uses a symmetric key, which is then itself encrypted with the public key of a public key encryption pair. The related private key must be available in order for the file to be decrypted. This key pair is bound to a user identity and made available to the user who has possession of the user ID and password. If the private key is damaged or missing, even the user that encrypted the file cannot decrypt it. If a recovery agent exists, then the file may be recoverable. If key archival has been implemented, then the key may be recovered, and the file decrypted. If not, the file may be lost. EFS is an excellent file encryption system—there is no "back door.
    Oops... hang on... Pressed Submit instead of Preview

    To continue....

    Coupled with:-

    EFS keys are protected by the user's password.
    Remember, when you change the domain or workgroup the user's identity, (SSID), changes too....

    And finally.... here:-

    It might also result in a loss of data, if proper recovery steps aren't taken.
    Source

    It seems to me that the appropriate recovery steps weren't taken, as the article says... It's easy to use but can "bite you in the....", Ok, I paraphrased.... Sorry...

    If you have a _full backup_, (system state), of the old system you _might_ be able to recover the files otherwise, as it says here:-

    File encryption uses a symmetric key, which is then itself encrypted with the public key of a public key encryption pair. The related private key must be available in order for the file to be decrypted. This key pair is bound to a user identity and made available to the user who has possession of the user ID and password. If the private key is damaged or missing, even the user that encrypted the file cannot decrypt it.
    you are up "that" creek without a paddle..... Since, as you already stated, the hashes are incomplete... IOW, the pair is no longer intact - due to the change of identity of the box itself.

    It's no longer an issue that you know the admin password... It's an issue of whether you can recreate the domain/workgroup SSID having an administator with the same password.... Good luck on that, SSID's are deliberately long, random and hard to guess.

    I hate to say this, but it's time to move on......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #15
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    remmember ... i cannot boot the disk... i can only use it as secondary master on my machine which has a different admin account
    This is your main problem, unless you can import the security certificates for the encrypted files, you need to get the disk to boot.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #16
    Senior Member
    Join Date
    Aug 2001
    Posts
    267
    Been there....done that.....(once computer name is changed, files don't belong to the original owner)

    My solution was to attach the drive (direct IDE cable, or external USB box) to a Windows 2000 Server, then take ownership. Copy to a shared directory. Put the original hard drive back into its computer, and download the 'shared' files. (or burn to a CD)

    Bit pricey if you don't have WIN 2K server.

  7. #17
    Banned
    Join Date
    Aug 2004
    Posts
    534
    why do i need windows 2000 server ... i do have it but it's not installed

    did you use encryption as well on the files...

  8. #18
    Senior Member
    Join Date
    Aug 2001
    Posts
    267
    Windows 2000 server WILLl 'take ownership' of the files. No encryption on the files.

    (I tried taking ownership with XP...but it wouldn't work)

    I presume Win2K Server has more 'rights' than any operating system. (Just a guess)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •