EFS Certificate Needed

Posted by HonoredWriter on October 23, 2007, 3:12 am
How do I obtain a Recovery Agent certificate to recover/restore/decrypt some
previously encrypted files? The certificates I have are not worthy to be
Recovery Agent certificates even though their intended purposes are clearly
stated. (Shucks, I'm thinking this computer has intuitive intelligence.)
--
HonoredWriter

Posted by Brian Komar on October 23, 2007, 11:38 am
You need to:
1) Determine which certificate was the recovery agent (use EFSINFO or the
General tab advanced button to find the thumbprint of the certificate).
2) You need to determine who the certificate was issued to.
3) You need to log on at the computer where the certificate was generated as
the user that received the certificate
4) You need to check whether the certificate is still in that user's profile
(Certmgr.msc)
5) You can then export it and import it to the computer where you want to
perform the recovery process.

You cannot inject in an EFS recovery agent certificate without having either
the previous recovery agent certificate and private key or the user EFS
certificate and private key.

Brian

> How do I obtain a Recovery Agent certificate to recover/restore/decrypt
> some
> previously encrypted files? The certificates I have are not worthy to be
> Recovery Agent certificates even though their intended purposes are
> clearly
> stated. (Shucks, I'm thinking this computer has intuitive intelligence.)
> --
> HonoredWriter


Posted by HonoredWriter on October 23, 2007, 1:17 pm
Dear Brian and Roger;
It was an error message that I received when I attempted to use several
other certificates that I had to be used. Windows would not allow me to use
them. With the information that the two of you provided will be of good use
in my training. (smile). Thanks. I will keep you informed of my progress. I
will use the information contained in DOS to attempt recovery.
--
HonoredWriter


"Brian Komar" wrote:

> You need to:
> 1) Determine which certificate was the recovery agent (use EFSINFO or the
> General tab advanced button to find the thumbprint of the certificate).
> 2) You need to determine who the certificate was issued to.
> 3) You need to log on at the computer where the certificate was generated as
> the user that received the certificate
> 4) You need to check whether the certificate is still in that user's profile
> (Certmgr.msc)
> 5) You can then export it and import it to the computer where you want to
> perform the recovery process.
>
> You cannot inject in an EFS recovery agent certificate without having either
> the previous recovery agent certificate and private key or the user EFS
> certificate and private key.
>
> Brian
>
> > How do I obtain a Recovery Agent certificate to recover/restore/decrypt
> > some
> > previously encrypted files? The certificates I have are not worthy to be
> > Recovery Agent certificates even though their intended purposes are
> > clearly
> > stated. (Shucks, I'm thinking this computer has intuitive intelligence.)
> > --
> > HonoredWriter
>

Posted by Roger Abell [MVP] on October 23, 2007, 11:42 am
One may generate an EFS recovery agent .pfx by use of
the cipher utility with the /r option. See cipher /?
After being installed, that recovery agent will only have
decrypt capabilities on files EFS-touched afterwards.

If you believe you already have a recovery agent set up
and it is unable to decrypt EFS files, then you probably
need to use the efsinfo utility to examine the thumbprint
of the files that may not be decrypted, verify that the
account from which you attempt actually has the recovery
agent private key installed within it, etc.

Why is it that you say
> The certificates I have are not worthy to be Recovery Agent
> certificates even though their intended purposes are clearly
> stated.
?? What is it that you are seeing and how? How are you
attempting to use this (these?) ?


> How do I obtain a Recovery Agent certificate to recover/restore/decrypt
> some
> previously encrypted files? The certificates I have are not worthy to be
> Recovery Agent certificates even though their intended purposes are
> clearly
> stated. (Shucks, I'm thinking this computer has intuitive intelligence.)
> --
> HonoredWriter
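
One way to carry out the check both replies above describe (compare the thumbprint reported for the encrypted file with the certificates in the logged-on user's profile, and confirm the private key is present), as an added PowerShell example that is not part of the original thread. The default thumbprint is a constructed placeholder; replace it with the value EFSINFO or the file's Details dialog reports.

```powershell
# Added example: match thumbprints reported for an EFS file against the
# certificates in the logged-on user's Personal store.
param(
    # Paste the thumbprint(s) EFSINFO or the Advanced > Details dialog reports.
    # The default below is a constructed placeholder, not a real thumbprint.
    [string[]]$FileThumbprints = @('00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33')
)

$EfsOid      = '1.3.6.1.4.1.311.10.3.4'    # Encrypting File System (user cert)
$RecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'  # File Recovery (recovery agent cert)
$EkuType     = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

# Tools print thumbprints with spaces and mixed case; the store uses bare upper-case hex.
$wanted = @($FileThumbprints | ForEach-Object { ($_ -replace '[^0-9A-Fa-f]', '').ToUpperInvariant() })

$report = foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
    $eku  = $cert.Extensions | Where-Object { $_ -is $EkuType }
    $oids = @()
    if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    if     ($oids -contains $RecoveryOid) { $role = 'Recovery agent' }
    elseif ($oids -contains $EfsOid)      { $role = 'EFS user' }
    else   { continue }   # not an EFS-related certificate

    [pscustomobject]@{
        Role          = $role
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        MatchesFile   = $wanted -contains $cert.Thumbprint
    }
}

$report | Format-Table -AutoSize

# A certificate only helps if it is the one the file was encrypted to AND its key is here.
$usable = @($report | Where-Object { $_.MatchesFile -and $_.HasPrivateKey })
if ($usable.Count -gt 0) {
    Write-Output 'This profile holds a matching certificate with its private key; export it as .pfx for recovery.'
} else {
    Write-Output 'No matching certificate with a private key in this profile; these certificates cannot decrypt the file.'
}
```

A certificate that lists File Recovery as an intended purpose but shows `MatchesFile = False` was not a recovery agent for that file when it was encrypted, so it cannot decrypt it.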



Posted by HonoredWriter on October 23, 2007, 1:07 pm
Dear Brian and Roger;
The certificates I have were recently installed days after the files were
encrypted. And I think that I am in a no win situation, because I
re-installed Windows after the encryption. I should have deciphered the files
prior to re-installing Windows. The keys have probably been
discarded/changed. Also I changed the name of the User. It was foolish of me
to believe that I could decrypt files after I had re-installed Windows. The
files were not deleted because they are located on another drive and
partition. I was pulling for straws by assuming I could use another
certificate to decipher the files. Me think I will keep one or two of them on
my system to remind me what not to do (smile). Thanks for all of your good
help with the sharing of your knowledge. It is amazing how much smarter one
gets when one makes a foolish mistake. "If any man thinks he is wise let him
become a fool so he can become wise."
Thanks for your assistance.
--
HonoredWriter


"Roger Abell [MVP]" wrote:

> One may generate an EFS recovery agent .pfx by use of
> the cipher utility with the /r option. See cipher /?
> After being installed, that recovery agent will only have
> decrypt capabilities on files EFS-touched afterwards.
>
> If you believe you already have a recovery agent set up
> and it is unable to decrypt EFS files, then you probably
> need to use the efsinfo utility to examine the thumbprint
> of the files that may not be decrypted, verify that the
> account from which you attempt actually has the recovery
> agent private key installed within it, etc.
>
> Why is it that you say
> > The certificates I have are not worthy to be Recovery Agent
> > certificates even though their intended purposes are clearly
> > stated.
> ?? What is it that you are seeing and how? How are you
> attempting to use this (these?) ?
>
>
> > How do I obtain a Recovery Agent certificate to recover/restore/decrypt
> > some
> > previously encrypted files? The certificates I have are not worthy to be
> > Recovery Agent certificates even though their intended purposes are
> > clearly
> > stated. (Shucks, I'm thinking this computer has intuitive intelligence.)
> > --
> > HonoredWriter
>
>
>
