Re: EFS Certs in AD or local PC?
- From: "Steve" <wonderlan1@xxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 May 2008 19:14:02 -0500
If by cert you mean a .pfx file, then if you can send it to the user he could import it into his user account profile and use it. .pfx files that contain the user certificate and private key are password protected, so he would need the password to unlock that file also. EFS files are decrypted by a user's private key. The public key certificate is used to encrypt the EFS files.

Steve
"Quilnux" <Quilnux@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:33239C56-B678-4634-961C-3112724B6BA8@xxxxxxxxxxxxxxxx
If his profile is in AD and we import his cert, will he be able to decrypt the files under his account?
"Steve" wrote:
Just to add that EFS files cannot be copied by anyone other than a user that can decrypt them, but a user can use NTBackup to back them up to be restored on another computer, such as one where the RA certificate/private key exists for attempted decryption. Also, the RA certificate/private key can be imported via a password-protected .pfx file to a computer for attempted recovery of EFS files.

The user's EFS private key is stored in the user's profile, but not in a way that can be normally exported. There are third-party tools that can scan a computer to look for EFS private keys [such as from a restored profile to a computer other than the original OS] that can possibly decrypt EFS files if the user's password is known. If there are no correct EFS private keys [user or RA with matching thumbprint] available to decrypt a user's EFS files, then it will not be possible to recover the EFS files.

Steve

http://www.elcomsoft.com/aefsdr.html --- the free trial can be used to search for and unlock EFS private keys, but if found, the free version will only decrypt a couple of bits of an EFS file, just enough to let you know the full version should work.
"Steve" <wonderlan1@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Ojo7H3YwIHA.4876@xxxxxxxxxxxxxxxxxxxxxxx
While there are ways to archive EFS certificate/private keys, I believe that requires W2003 Enterprise, and in your case his certificate/private key was on the local computer. See if he possibly exported it for backup at some point in time to see if he can import it back into his computer via a .pfx file. If the domain security policy has a Recovery Agent configured, then the RA [usually the built-in domain administrator account] could log on to a computer that contains the RA EFS certificate/private key [usually the domain controller] and decrypt the files. Note that ANY EFS certificate used to attempt to decrypt files MUST also have the matching private key - a .cer file does NOT. Though he/you may not be able to access the files right now, you can view the advanced properties/details of them to see if an RA is included as a user that can decrypt.

Steve
"Quilnux" <Quilnux@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:95785FD5-839E-4A23-B4C9-974A3E6884B2@xxxxxxxxxxxxxxxx
Hello,

We have a user who was using a desktop with an EFS folder. Recently the OS drive failed and we had to reload the system from a new HDD. The EFS folder is on a secondary drive which is OK, but I need to know if he will be able to access the folder when he logs in next Wednesday from his account in AD, or if I need to get his EFS cert from archives. It takes archives a week to get us the disks we need, so if it is saved in his AD account I may not need to contact them.

Thanks,
Quilnux
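Added example, not from any post in this thread: a PowerShell script that does what Steve suggests (checking the advanced details of the encrypted files for a user or RA that can decrypt) across a whole folder, and tells you whether the account you are logged on as holds a matching EFS private key before you wait on the archived disks. It assumes Windows Vista or later, where cipher.exe /c lists the decrypting users and recovery certificates with their thumbprints; the folder path is a placeholder.

```powershell
# Added example: list who can decrypt each EFS file under $Path and whether
# the current account has a matching EFS private key. Assumes cipher.exe /c
# output as printed on Vista/2008 and later (on XP the tool was efsinfo.exe).
param([string]$Path = 'D:\EFSFolder')          # placeholder path, adjust

$efsOid = '1.3.6.1.4.1.311.10.3.4'              # Enhanced Key Usage: Encrypting File System

# Thumbprints of EFS certificates for which this profile actually holds the private key
# (a .cer alone, without the key, is useless for decryption, as noted above).
$myKeys = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $efsOid) } |
    ForEach-Object { $_.Thumbprint.ToUpper() }

function Get-EfsAccess([string]$File) {
    # Parse "cipher /c" output into user and recovery-agent certificate thumbprints.
    $section = ''; $users = @(); $agents = @()
    foreach ($line in (cipher.exe /c $File)) {
        switch -Regex ($line.Trim()) {
            '^Users who can decrypt:' { $section = 'user' }
            '^Recovery Certificates:' { $section = 'ra' }
            '^Key Information:'       { $section = '' }
            '^Certificate thumbprint:\s*(.+)$' {
                $tp = ($Matches[1] -replace '\s', '').ToUpper()   # cipher prints groups of 4 hex digits
                if ($section -eq 'user') { $users += $tp } elseif ($section -eq 'ra') { $agents += $tp }
            }
        }
    }
    [pscustomobject]@{
        File            = $File
        UserThumbprints = $users
        RAThumbprints   = $agents
        # True only if some listed user or RA thumbprint matches a private key in this profile
        CanDecryptHere  = [bool](($users + $agents) | Where-Object { $myKeys -contains $_ })
    }
}

Get-ChildItem -Path $Path -Recurse |
    Where-Object { -not $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Encrypted) } |
    ForEach-Object { Get-EfsAccess $_.FullName } |
    Format-List
```

Run it as the user in question (or as the recovery agent account); files reporting an RA thumbprint but CanDecryptHere = False are the ones that need the RA's .pfx imported, and files with no RA thumbprint at all depend entirely on the user's original private key.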