RE: [ActiveDir] Decrypt Files from a no longer existing domain
If you can't find the cert that encrypted them or the cert for the Data Recovery Agent (DRA) (usually the domain admin) you are out of luck. They key to open the data is stored in the headers of the file and it is locked up with the private key for the user who encrypted it and the private key for the DRA. The data is encrypted symmetrically. You may find those keys exist somewhere even though the domain doesn't exist anymore. You should be able to recover with them. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:33 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Decrypt Files from a no longer existing domain How can I decrypt some files that I did not know were encrypted when I decommissioned the last DC in that old domain. I have tried restoring them to a FAT Partition and I can open them but there is no data in them. Any help would be appreciated Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Decrypt Files from a no longer existing domain
I should mention that these files were encrypted by accident by the user by checking the box encrypt contents while looking at the properties of the folder. Where could I get the DRA from if the domain doesn't exist, restore the domain on a workstations? -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:37 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Decrypt Files from a no longer existing domain If you can't find the cert that encrypted them or the cert for the Data Recovery Agent (DRA) (usually the domain admin) you are out of luck. They key to open the data is stored in the headers of the file and it is locked up with the private key for the user who encrypted it and the private key for the DRA. The data is encrypted symmetrically. You may find those keys exist somewhere even though the domain doesn't exist anymore. You should be able to recover with them. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:33 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Decrypt Files from a no longer existing domain How can I decrypt some files that I did not know were encrypted when I decommissioned the last DC in that old domain. I have tried restoring them to a FAT Partition and I can open them but there is no data in them. Any help would be appreciated Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Decrypt Files from a no longer existing domain
I am not positive but if the domain admin had logged into a workstation at some point the cert may be in that profile. I would have to go to the RK to find the specific location. The recovery of encrypted docs is thoroughly documented. I just did a TechNet search and found reams of info I am sure there is something in there for you to look at. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:46 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Decrypt Files from a no longer existing domain I should mention that these files were encrypted by accident by the user by checking the box encrypt contents while looking at the properties of the folder. Where could I get the DRA from if the domain doesn't exist, restore the domain on a workstations? -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:37 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Decrypt Files from a no longer existing domain If you can't find the cert that encrypted them or the cert for the Data Recovery Agent (DRA) (usually the domain admin) you are out of luck. They key to open the data is stored in the headers of the file and it is locked up with the private key for the user who encrypted it and the private key for the DRA. The data is encrypted symmetrically. You may find those keys exist somewhere even though the domain doesn't exist anymore. You should be able to recover with them. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:33 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Decrypt Files from a no longer existing domain How can I decrypt some files that I did not know were encrypted when I decommissioned the last DC in that old domain. I have tried restoring them to a FAT Partition and I can open them but there is no data in them. Any help would be appreciated Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Decrypt Files from a no longer existing domain
How they were encrypted - accidental or not - has no bearing. They're gone. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:46 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Decrypt Files from a no longer existing domain I should mention that these files were encrypted by accident by the user by checking the box encrypt contents while looking at the properties of the folder. Where could I get the DRA from if the domain doesn't exist, restore the domain on a workstations? -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Decrypt Files from a no longer existing domain If you can't find the cert that encrypted them or the cert for the Data Recovery Agent (DRA) (usually the domain admin) you are out of luck. They key to open the data is stored in the headers of the file and it is locked up with the private key for the user who encrypted it and the private key for the DRA. The data is encrypted symmetrically. You may find those keys exist somewhere even though the domain doesn't exist anymore. You should be able to recover with them. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:33 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Decrypt Files from a no longer existing domain How can I decrypt some files that I did not know were encrypted when I decommissioned the last DC in that old domain. I have tried restoring them to a FAT Partition and I can open them but there is no data in them. Any help would be appreciated Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Decrypt Files from a no longer existing domain
One possible solution would be to disconnect the network cable and try logging on as the user who encrypted them, assuming that their are credentials cached on the machine. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 10:14 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Decrypt Files from a no longer existing domain How they were encrypted - accidental or not - has no bearing. They're gone. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:46 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Decrypt Files from a no longer existing domain I should mention that these files were encrypted by accident by the user by checking the box encrypt contents while looking at the properties of the folder. Where could I get the DRA from if the domain doesn't exist, restore the domain on a workstations? -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Decrypt Files from a no longer existing domain If you can't find the cert that encrypted them or the cert for the Data Recovery Agent (DRA) (usually the domain admin) you are out of luck. They key to open the data is stored in the headers of the file and it is locked up with the private key for the user who encrypted it and the private key for the DRA. The data is encrypted symmetrically. You may find those keys exist somewhere even though the domain doesn't exist anymore. You should be able to recover with them. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:33 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Decrypt Files from a no longer existing domain How can I decrypt some files that I did not know were encrypted when I decommissioned the last DC in that old domain. I have tried restoring them to a FAT Partition and I can open them but there is no data in them. Any help would be appreciated Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Decrypt Files from a no longer existing domain
I looked in the profile on the server at the Administrators profile under documents and settings, there is a Crypto folder that contains a folder with a SID/GUID as the name of the folder. Inside there are three System Files. I am assuming that this is not the location, however is there a place I can look thru the RK online? -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 12:08 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Decrypt Files from a no longer existing domain I am not positive but if the domain admin had logged into a workstation at some point the cert may be in that profile. I would have to go to the RK to find the specific location. The recovery of encrypted docs is thoroughly documented. I just did a TechNet search and found reams of info I am sure there is something in there for you to look at. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:46 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Decrypt Files from a no longer existing domain I should mention that these files were encrypted by accident by the user by checking the box encrypt contents while looking at the properties of the folder. Where could I get the DRA from if the domain doesn't exist, restore the domain on a workstations? -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:37 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Decrypt Files from a no longer existing domain If you can't find the cert that encrypted them or the cert for the Data Recovery Agent (DRA) (usually the domain admin) you are out of luck. They key to open the data is stored in the headers of the file and it is locked up with the private key for the user who encrypted it and the private key for the DRA. The data is encrypted symmetrically. You may find those keys exist somewhere even though the domain doesn't exist anymore. You should be able to recover with them. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:33 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Decrypt Files from a no longer existing domain How can I decrypt some files that I did not know were encrypted when I decommissioned the last DC in that old domain. I have tried restoring them to a FAT Partition and I can open them but there is no data in them. Any help would be appreciated Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Decrypt Files from a no longer existing domain
www.microsoft.com www.google.com www.rtfm.com www.YouAreProbablyNotGoingToGetTheFilesBack.com www.DontWasteYourTime.org -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 12:39 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Decrypt Files from a no longer existing domain I looked in the profile on the server at the Administrators profile under documents and settings, there is a Crypto folder that contains a folder with a SID/GUID as the name of the folder. Inside there are three System Files. I am assuming that this is not the location, however is there a place I can look thru the RK online? -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 12:08 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Decrypt Files from a no longer existing domain I am not positive but if the domain admin had logged into a workstation at some point the cert may be in that profile. I would have to go to the RK to find the specific location. The recovery of encrypted docs is thoroughly documented. I just did a TechNet search and found reams of info I am sure there is something in there for you to look at. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:46 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Decrypt Files from a no longer existing domain I should mention that these files were encrypted by accident by the user by checking the box encrypt contents while looking at the properties of the folder. Where could I get the DRA from if the domain doesn't exist, restore the domain on a workstations? -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:37 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Decrypt Files from a no longer existing domain If you can't find the cert that encrypted them or the cert for the Data Recovery Agent (DRA) (usually the domain admin) you are out of luck. They key to open the data is stored in the headers of the file and it is locked up with the private key for the user who encrypted it and the private key for the DRA. The data is encrypted symmetrically. You may find those keys exist somewhere even though the domain doesn't exist anymore. You should be able to recover with them. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:33 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Decrypt Files from a no longer existing domain How can I decrypt some files that I did not know were encrypted when I decommissioned the last DC in that old domain. I have tried restoring them to a FAT Partition and I can open them but there is no data in them. Any help would be appreciated Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
