Re: Encrypted files do they work for backups?
- From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 5 Sep 2005 07:43:07 -0700
So even if you were the same person Administrator/Domain/Password who
created the file in the first place
you aren't able to access the file, if a new server was created with same
credentials
Hmmm Interesting....
--
Russ Grover
Small Business IT Support
SBS Rocks!
Portland/Beaverton OR
Email: Sales at SmallBusinessITSupport.com
Website: http://www.SmallBusinessITSupport.com
""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:j9d5L8IrFHA.472@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Russ,
>
> Thanks for you update!
>
> Just as I said in my previous post, the encrypted file can be decrypted by
> the user account who encrypts the file, whichever you are administrator or
> domain user. In your now scenario, you need follow my 3rd step to recover
> the encrypted file in my previous post.
>
> I appreciate you time and effort. I am currently standing by for you
> about
> the test result. I am always happy to be of further assistance.
>
> Have a nice day!
>
> Best Regards,
>
> Jenny Wu
> Microsoft CSS Online Newsgroup Support
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
>>From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>References: <u5MbBvAqFHA.2628@xxxxxxxxxxxxxxxxxxxx>
> <XW7ggPKqFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
> <uln5YBOqFHA.2968@xxxxxxxxxxxxxxxxxxxx>
> <$oEexmVqFHA.1204@xxxxxxxxxxxxxxxxxxxxx>
>>Subject: Re: Encrypted files do they work for backups?
>>Date: Sun, 28 Aug 2005 20:38:45 -0700
>>Lines: 314
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>X-RFC2646: Format=Flowed; Original
>>Message-ID: <OHGqrsErFHA.1788@xxxxxxxxxxxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.sbs
>>NNTP-Posting-Host: c-67-171-186-13.hsd1.or.comcast.net 67.171.186.13
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:148643
>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>
>>Sorry for the Delay...
>>
>>Well since it's a Backup Drive it's NTFS since the server is over 4GB...
>>The File is encrypted by the administrator. so no it's not a roaming
>>profile.
>>
>>I guess I thought this was a straight forward question....
>>
>>If I use the administrator account, and I encrypt it EFS on a External
> Drive
>>NTFS
>>And the server dies...
>>I do a recovery...
>>
>>Will I be able to access the backup?
>>
>>Russ?
>>
>>--
>>Russ Grover
>>Small Business IT Support
>>SBS Rocks!
>>Portland/Beaverton OR
>>Email: Sales at SmallBusinessITSupport.com
>>Website: http://www.SmallBusinessITSupport.com
>>
>>
>>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>news:$oEexmVqFHA.1204@xxxxxxxxxxxxxxxxxxxxxxxx
>>> Hi Russ,
>>>
>>> Thanks for your update!
>>>
>>> Before we go further, please help me confirm some information:
>>>
>>> 1. What is your USB drive format? NTFS or FAT?
>>> If the drive is formatted by FAT, all the file encrypt information will
> be
>>> lost when the encrypted file is moved to this drive. If the drive is
>>> NTFS
>>> format you need the private key (.pfx file) to decrypt the files
>>>
>>> Please attach the drive to another computer to confirm its format and
>>> try
>>> to open the encrypted file. How is the result?
>>>
>>> 2. How about your server? Have you formatted the hard disk? Have you
>>> used
>>> roaming profile of the user who encrypted the backup file?
>>>
>>> 3. If its format is NTFS, do you have the recovery agent Encrypting File
>>> System (EFS) private key (.pfx file)? Have you enabled recovery agent in
>>> group policy?
>>>
>>> Please refer to the following KB article to check if you enabled
>>> recovery
>>> agent and who has encrypted the file:
>>> 243026Using Efsinfo.exe to determine information about encrypted files
>>> http://support.microsoft.com/kb/243026/
>>>
>>> EFS uses an encryption key that is dynamically generated to encrypt the
>>> file. The File Encryption Key (FEK) is encrypted with the EFS public key
>>> and is added to the file as an EFS attribute that is named Data
> Decryption
>>> Field (DDF).To decrypt the FEK, you must have the corresponding EFS
>>> private
>>> key from the public-private key pair. After you decrypt the FEK, you can
>>> use the FEK to decrypt the file.
>>>
>>> If your EFS private key is lost, you can use a recovery agent to recover
>>> encrypted files. Every time that a file is encrypted, the FEK is also
>>> encrypted with the Recovery Agent's public key. The encrypted FEK is
>>> attached to the file with the copy that is encrypted with your EFS
>>> public
>>> key in the Data Recovery Field (DRF). If you use the recovery agent's
>>> private key, you can decrypt the FEK, and then decrypt the file.
>>>
>>> If you have enabled recovery agent and the USB drive is NTFS, there are
>>> two
>>> scenarios:
>>>
>>> Scenario 1:
>>> If you have private key (.pfx file), you can import the private key and
>>> then use EFS public key in the Data Recovery Field (DRF) to decrypt the
>>> file and then restore server using the backup file.
>>>
>>> Scenario 2:
>>> If you lost the private key, the solution appears very complex. I would
>>> like to suggest you contact Microsoft Customer Support Services via
>>> telephone so
>>> that a dedicated Support Professional can assist with your request.
> Please
>>> be advised that contacting phone support will be a charged call.
>>> However,
>>> if you are simply requesting a hotfix be sent to you and no other
>>> support
>>> then charges are usually refunded or waived.
>>>
>>> To obtain the phone numbers for specific technology request please take
>>> a
>>> look at the web site listed below.
>>>
>>> http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
>>>
>>> If you are outside the US please see http://support.microsoft.com for
>>> regional support phone numbers.
>>>
>>> For your reference:
>>>
>>> 324897 How to manage the encrypting file system in Windows Server 2003
>>> http://support.microsoft.com/?id=324897
>>>
>>> How to work with EFS in Windows Server 2003, visit the following
> Microsoft
>>> Web site:
>>>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve
>>> rHelp/a3aa1b1f-98c9-41b3-ba05-9424e316a078.mspx
>>>
>>> More information about EFS in Windows Server, visit the following
>>> Microsoft
>>> Web site:
>>>
> http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecur
>>> e/html/WinNETSrvr-EncryptedFileSystem.asp
>>>
> (http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.a
>>> sp)
>>>
>>> Hope above information helps. If you have any further concern or
>>> question
>>> on the issue please feel free to let me know. I am always happy to be
>>> further assistance!
>>>
>>> Have a nice day!
>>>
>>> Best Regards,
>>>
>>> Jenny Wu
>>> Microsoft CSS Online Newsgroup Support
>>> Get Secure! - www.microsoft.com/security
>>> ======================================================
>>> This newsgroup only focuses on SBS technical issues. If you have issues
>>> regarding other Microsoft products, you'd better post in the
> corresponding
>>> newsgroups so that they can be resolved in an efficient and timely
> manner.
>>> You can locate the newsgroup here:
>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>
>>> When opening a new thread via the web interface, we recommend you check
>>> the
>>> "Notify me of replies" box to receive e-mail notifications when there
>>> are
>>> any updates in your thread. When responding to posts via your
>>> newsreader,
>>> please "Reply to Group" so that others may learn and benefit from your
>>> issue.
>>>
>>> Microsoft engineers can only focus on one issue per thread. Although we
>>> provide other information for your reference, we recommend you post
>>> different incidents in different threads to keep the thread clean. In
>>> doing
>>> so, it will ensure your issues are resolved in a timely manner.
>>>
>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>> Please
>>> check http://support.microsoft.com for regional support phone numbers.
>>>
>>> Any input or comments in this thread are highly appreciated.
>>> ======================================================
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> --------------------
>>>>From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>>>References: <u5MbBvAqFHA.2628@xxxxxxxxxxxxxxxxxxxx>
>>> <XW7ggPKqFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
>>>>Subject: Re: Encrypted files do they work for backups?
>>>>Date: Wed, 24 Aug 2005 12:16:34 -0700
>>>>Lines: 129
>>>>X-Priority: 3
>>>>X-MSMail-Priority: Normal
>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>>X-RFC2646: Format=Flowed; Original
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>>Message-ID: <uln5YBOqFHA.2968@xxxxxxxxxxxxxxxxxxxx>
>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>NNTP-Posting-Host: c-67-171-186-13.hsd1.or.comcast.net 67.171.186.13
>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147475
>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>
>>>>I guess I should just write the whole thing out...
>>>>
>>>>OK If I backup to a USB External Drive.
>>>>To a EFS Encrypted folder (This Hopefully making it impossible for
> someone
>>>>to steal the Backup and Read it.)
>>>>
>>>>And my server Crashes...
>>>>Will I be able to access that folder providing I use the same Admin
> Domain
>>>>and Password When I rebuild the Server?
>>>>(SBS 2003 of course)
>>>>
>>>>Russ
>>>>
>>>>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>news:XW7ggPKqFHA.1208@xxxxxxxxxxxxxxxxxxxxxxxx
>>>>> Hi Russ,
>>>>>
>>>>> Thanks for posting here!
>>>>>
>>>>> For your description, I understand your concern is that if you can
>>> restore
>>>>> backup file when you encrypted backup file. If I am off base, please
>>> don't
>>>>> hesitate to let me know.
>>>>>
>>>>> Before we go further please help me confirm some information to
>>>>> isolate
>>>>> the
>>>>> issue:
>>>>>
>>>>> 1. How you encrypt the backup file? Using EFS or some third-party
> backup
>>>>> tool?
>>>>>
>>>>> 2. What is OS in your server? SBS 2003 or SBS 2000 or others?
>>>>>
>>>>> 3. If you use EFS encrypt, how you control grant access permissions?
>>>>>
>>>>> By default, when we restore a backup file, we must have read
>>>>> permission
>>> to
>>>>> the backup file and full control permission to the files that need to
> be
>>>>> restored. And the encrypt process is different regarding different
>>>>> software.
>>>>>
>>>>> If you use Microsoft EFS encrypt files, By default, only the user who
>>>>> encrypts a file can recover data that has been encrypted, unless the
>>>>> user
>>>>> specifies a recovery agent before they encrypted the files. Full
> Control
>>>>> permission doesn''t allow a user to decrypt an encrypted file.
>>>>>
>>>>> The following KB article may be useful to you:
>>>>> How to back up the recovery agent Encrypting File System (EFS) private
>>> key
>>>>> in Windows Server 2003, in Windows 2000, and in Windows XP
>>>>> http://support.microsoft.com/?id=241201
>>>>>
>>>>> How To Troubleshoot the File Replication Service in Windows Server
>>>>> 2003
>>>>> http://support.microsoft.com/?id=327341
>>>>>
>>>>> 243026 Using Efsinfo.exe to Determine Information About Encrypted
>>>>> Files
>>>>> http://support.microsoft.com/?id=243026
>>>>>
>>>>> Hope above information helps! I am looking forward to your reply. I am
>>>>> happy to be further assistance.
>>>>>
>>>>> Have a nice day!
>>>>>
>>>>> Best Regards,
>>>>>
>>>>> Jenny Wu
>>>>> Microsoft CSS Online Newsgroup Support
>>>>> Get Secure! - www.microsoft.com/security
>>>>> ======================================================
>>>>> This newsgroup only focuses on SBS technical issues. If you have
>>>>> issues
>>>>> regarding other Microsoft products, you'd better post in the
>>> corresponding
>>>>> newsgroups so that they can be resolved in an efficient and timely
>>> manner.
>>>>> You can locate the newsgroup here:
>>>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>>>
>>>>> When opening a new thread via the web interface, we recommend you
>>>>> check
>>>>> the
>>>>> "Notify me of replies" box to receive e-mail notifications when there
>>>>> are
>>>>> any updates in your thread. When responding to posts via your
>>>>> newsreader,
>>>>> please "Reply to Group" so that others may learn and benefit from your
>>>>> issue.
>>>>>
>>>>> Microsoft engineers can only focus on one issue per thread. Although
>>>>> we
>>>>> provide other information for your reference, we recommend you post
>>>>> different incidents in different threads to keep the thread clean. In
>>>>> doing
>>>>> so, it will ensure your issues are resolved in a timely manner.
>>>>>
>>>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>>>> Please
>>>>> check http://support.microsoft.com for regional support phone numbers.
>>>>>
>>>>> Any input or comments in this thread are highly appreciated.
>>>>> ======================================================
>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>> rights.
>>>>>
>>>>> --------------------
>>>>>>From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>>>>>Subject: Encrypted files do they work for backups?
>>>>>>Date: Tue, 23 Aug 2005 10:55:42 -0700
>>>>>>Lines: 15
>>>>>>X-Priority: 3
>>>>>>X-MSMail-Priority: Normal
>>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>>>>>X-RFC2646: Format=Flowed; Original
>>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>>>>>Message-ID: <u5MbBvAqFHA.2628@xxxxxxxxxxxxxxxxxxxx>
>>>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>>>NNTP-Posting-Host: c-67-171-186-13.hsd1.or.comcast.net 67.171.186.13
>>>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>>>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147070
>>>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>>>
>>>>>>If you Encrypt backup files
>>>>>>(So they can't be accessed by anyone other than the admin on the
> server)
>>>>>>
>>>>>>Can you still access them for restore:?
>>>>>>(Assuming you use the same Admin Domain and Password?)
>>>>>>
>>>>>>--
>>>>>>Russ Grover
>>>>>>Small Business IT Support
>>>>>>Portland\Beaverton OR USA
>>>>>>Email: Sales at SmallBusinessITSupport.com
>>>>>>Website: www.SmallBusinessITSupport.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
.
- Follow-Ups:
- Re: Encrypted files do they work for backups?
- From: "Jenny wu [MSFT]"
- Re: Encrypted files do they work for backups?
- Prev by Date: Re: Wireless guest account
- Next by Date: Re: error while printing
- Previous by thread: Re: Encrypted files do they work for backups?
- Next by thread: Re: Encrypted files do they work for backups?
- Index(es):
Relevant Pages
|
