EFS Decryption


Gary

I'm really not knowledgeable about EFS, so please bear with me.

I have a Windows 2000 PC used by a former employee. The machine was
joined to our AD domain and is completely intact. First thing I did
was take a Ghost image of it.

Local admin cannot decrypt the files.

The domain account for the former user is no longer available.

The AEFSDR tool cannot decrypt the files and is unable to decrypt the
master key.

EFSINFO shows the original user as one who is able to decrypt and a
different user (who is also no longer with the company) as the
recovery agent. I assume that the usernames it shows are the domain
accounts??

I've read the MS KB article, and I'm not sure if I'm just not
understanding it or what...

I'm confused!!!
 
Hi,

I understand that you want to decrypt the files encrypted by a deleted
domain user account in a Windows 2000 domain.

In a Windows 2000 domain, when the first domain controller (DC) is set up,
the domain administrator is the specified recovery agent for the domain.
The domain administrator can log on to the first DC in the domain, and then
change the recovery policy for the domain.

The following article provides more information:

HOW TO: Configure a Domain EFS Recovery Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;q313365&sd=tech

Please find these suggestions and check if they help you to decrypt the
files:

Log in to the user's system using the domain administrator account.
Use efsinfo.exe to find the information about who is the recovery agent for
the file. Efsinfo.exe can be downloaded from the link below:

http://www.microsoft.com/downloads/details.aspx?FamilyID=9c70306d-0ef3-4b0c-ab61-81da208f5c47&displaylang=en

The link below helps you with the information on how to use efsinfo.exe:

Using Efsinfo.exe to Determine Information About Encrypted Files
http://support.microsoft.com/default.aspx?scid=kb;[LN];243026

If you find the recovery agent, you can then follow the steps in the link
below to decrypt the files.

To recover an encrypted file or folder if you are a designated recovery agent
http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/encrypt_to_recover_agent.htm

Hope it answers your question.

Thank you,

Rashmi

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: (e-mail address removed) (Gary)
| Newsgroups: microsoft.public.win2000.security
| Subject: EFS Decryption
| Date: 14 May 2004 17:33:16 -0700
 