Regarding efs again. Sorry

  • Thread starter Thread starter Paul Crilley
  • Start date Start date
P

Paul Crilley

Hi all.

I posted yesterday about how I installed a clean version of xp and
could not gain access to encrypted documents I had backed up form my
old configuration. Well, I was wondering if there was any way to get
my local administrator password from my old windows install from the
documents and settings folder I backed up to
D: drive before I formatted C: drive? If I can get the password, (If
it is stored in some form in Documents and settings) then I can use
the program
"EFS key" to access my efs encrypted files. My "Application
Data/Microsoft/Crypto" folder is there with files that have long
numbesr. Could it be one of them, and how would I convert them to the
Local Aministrator password?

Yours, exhausted.

Paul
 
Passwords aren't stored in a user's appdata. Unless there is something like
l0phtcrack that works against DPAPI-protected keys you're out of luck.

(I wonder if that last sentence will inspire any crackers to write a new
tool.)
 
And even if the certificate from the old install is quite happily
sitting in certmgr.msc next to my new certificate for my new install?
I can read the "thumprint number" and the "public key number" and the
"serial number" number of the old certificate. The date on it matches
up to my last install of windows. Is there no way to use this old
certificate to access teh encrypted files?

Sorry to go on, but I want to just want to make absolutely sure
before I begin the grieving process and move on.

Best,
Paul
Drew Cooper said:
Passwords aren't stored in a user's appdata. Unless there is something like
l0phtcrack that works against DPAPI-protected keys you're out of luck.

(I wonder if that last sentence will inspire any crackers to write a new
tool.)
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


Paul Crilley said:
Hi all.

I posted yesterday about how I installed a clean version of xp and
could not gain access to encrypted documents I had backed up form my
old configuration. Well, I was wondering if there was any way to get
my local administrator password from my old windows install from the
documents and settings folder I backed up to
D: drive before I formatted C: drive? If I can get the password, (If
it is stored in some form in Documents and settings) then I can use
the program
"EFS key" to access my efs encrypted files. My "Application
Data/Microsoft/Crypto" folder is there with files that have long
numbesr. Could it be one of them, and how would I convert them to the
Local Aministrator password?

Yours, exhausted.

Paul
Click to expand...
Click to expand...
 
First, can you provide a link to info on this program "EFS key"

When you say you want to find the Adminsitrator password
from the old install's backed-up profile, I assume you mean
the old Administrator account's EFS access key.

If you have the intact profile but do not know the password
you may be able to crack it out if you have also the old installs
registry available.

If you have the complete profile unmodified of the old account
that had encrypted the files, and you know the password of that
account, then you may be able to recover access to the EFS
encrypted files if they are still entact and showing as EFS encrypted.
You would either need to open a paid support call with Microsoft
or try using the info at
http://www.beginningtoseethelight.org/efsrecovery/index.php

Whether your mentioned program is of any use is another matter.
 
I'm starting to think the docs are lost. I don't have any registry
settings from the old install and do not know the password of the
account. (I didn't set one, so I assume it is random.) I was hoping
the passwords were stored in some form in the apllication
data\Microsoft folder that I backed up from my old installation, but
it doesn't look that way either.

Thanks for your time, though.

Best,
Paul
 
Back
Top