"Mouse4440" <DoNotEmail.DeleteThis@WindowsForumz.com> wrote in message
news:3_1184166_682e46f0d60f56f2114f32822a76208d@windowsforumz.com...
> "kerry15" wrote:
> > "Mouse4440" <DoNotEmail.DeleteThis@WindowsForumz.com> wrote in message
> > news:3_1183971_590abcb1375a568d59e74bf288c16868@windowsforumz.com...
> > > "Jupiter Jones MVP" wrote:
> > > > Was there a Designated Recovery Agent on the domain?
> > > > If not, the data is most likely gone for good.
> > > >
> > > > See the bottom of this page for ways to help prevent
> > data loss
> > > > with EFS in
> > > > the future:
<font color=green> > > > > <a style='text-decoration: underline;' href="http://www3.telus.net/dandemar/encrypt.htm</font" target="_blank">http://www3.telus.net/dandemar/encrypt.htm</font</a>>
> > > >
> > > > --
> > > > Jupiter Jones [MVP]
<font color=green> > > > > <a style='text-decoration: underline;' href="http://www3.telus.net/dandemar</font" target="_blank">http://www3.telus.net/dandemar</font</a>>
> > > > In memory of our dear friend, MVP Alex Nichol
<font color=green> > > > > <a style='text-decoration: underline;' href="http://www.dts-l.org</font" target="_blank">http://www.dts-l.org</font</a>>
> > > >
> > > >
> > > > "Mouse4440" <UseLinkToEmail.DeleteThis@WindowsForumz.com>
> > wrote in
> > > > message
> > > >
> > news:3_1177687_c7f35c781fba764475392afee945baeb@windowsforumz.com...
> > > > > Recently I used RIS (Remote Installation
> > Service) to
> > > > reinstall a
> > > > > clients workstation because it had been
> > upgraded and had
> > > > different
> > > > > versions of Office installed and just
> > generally had issues,
> > > > but what I
> > > > > didn't know is that the user had Encrypted
> > files on another
> > > > drive (USB
> > > > > External Hard Drive) so after I reinstalled
> > the OS the
> > > > Computer
> > > > > account is not the same as before and he can
> > no longer
> > > > access the
> > > > > files that were on the other drive. I have
> > tried several of
> > > > the free
> > > > > downloadable recovery packages Advanced EFS
> > recovery and
> > > > others but
> > > > > have had no luck, the recovery agent
> > displays that no user
> > > > is able to
> > > > > decrypt the files and the user account has
> > not changed
> > > > because the
> > > > > user is in a domain. I have tried logging in
> > as local admin,
> > > > domain
> > > > > admin, but still no luck. anyone know of
> > anything I can do.
> > > > and no
> > > > > the user didn't export the keys.
> > > > >
> > > > > --
> > > > > Posted using the
> > <a style='text-decoration: underline;' href="http://www.windowsforumz.com" target="_blank">http://www.windowsforumz.com</a> interface, at author's
> > > > > request
> > > > > Articles individually checked for
> > conformance to usenet
> > > > standards
> > > > > Topic URL:
> > > > >
<font color=green> > > <a style='text-decoration: underline;' href="http://www.windowsforumz.com/Security-Admin-EFS-Issue-ftopict365344.html</font" target="_blank">http://www.windowsforumz.com/Security-Admin-EFS-Issue-ftopict365344.ht...lt;/fon</a>>
> > > > > Visit Topic URL to contact author (reg.
> > req'd). Report
> > > > abuse:
> > > > >
<font color=green> > > <a style='text-decoration: underline;' href="http://www.windowsforumz.com/eform.php?p=1177687</font" target="_blank">http://www.windowsforumz.com/eform.php?p=1177687</font</a>>
> > >
> > > I’m not sure, I logged in as admin on the local machine and
> > as the
> > > domain admin and the windows recovery thing display no
> > recovery agent
> > > present. is this something that user had to setup or is an
> > automatic
> > > thing?
> > >
> >
> > With XP you have to setup the recovery agent. Win2k worked
> > differently. If
> > he was logged on locally when he encrypted the files you are
> > probably out of
> > luck. If he was logged on as a domain user you will have to
> > figure out if
> > there is a recovery agent and who it is. Export the recovery
> > key and import
> > it on the machine with the files on it. You may also have to
> > take ownership
> > of the files on the USB drive first.
> >
<font color=green> > > <a style='text-decoration: underline;' href="http://support.microsoft.com/default.aspx?scid=kb;en-us;887414</font" target="_blank">http://support.microsoft.com/default.aspx?scid=kb;en-us;887414</font</a>>
> >
<font color=green> > > <a style='text-decoration: underline;' href="http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp</font" target="_blank">http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit...-us/Def</a>>
> >
> > Kerry
>
> He was a domain user but the key was on the system partition and the
> data is on another drive, the system partition that had the keys was
> deleted with the install of Win XP. I logged in as the user and the
> recovery agent displays no recovery agent present, likewise for the
> local admin and domain admin. I have not taken ownership though.
> would I need to do that for the recovery agent.
You have to figure out who the DRA is (see my previous links), export their
private certificate and key, then import the certificate and key on the
computer that you are using to decrypt the files. It is common practice to
only use certain secure computers for EFS recovery so that the key cannot be
taken away and data unencrypted off site. If this is the case you would have
to have the files on the recovery computer. You may or may not have to take
ownership first but it wouldn't hurt to do so. EFS can be very tricky. From
what you have described his data is probably gone. You should investigate
the links in my last post and either restrict users from using EFS via group
policy or setup a DRA and store the certificate and key in a safe place. If
you don't this may cause you grief again in the future.
Kerry<!-- ~MESSAGE_AFTER~ -->
>> Stay informed about: EFS Issue 
FAQ
Profile
Private Messages
Log in
Windows XP