Announcement

Collapse
No announcement yet.

EFS Recovery Agent missing

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • EFS Recovery Agent missing

    Hi folks

    Got an issue with a client who decided to switch on the EFS option on a folder on their network drive, and now can't access it

    Some background to start, this is a Win2003 SBS domain, XP SP3 clients.
    I'm not familar with EFS but have been reading up about it this week to see if i can resolve this issue

    Basically the user rang to say files they were accessing last week are now 'Access Denied'. At this point I checked to see what the issue was and noticed they were encrypted. When I click on the Details option beside the tick box for the EFS it shows a dialog with 'Users who can access the file' and 'Recovery Agents'

    Currently the user in question is the only one listed in the first list
    There is no user listed at all in the 'Recovery Agent' list

    My question - is this normal? Shouldn't the Administrator of the domain be listed as a Recovery Agent? Or if they were listed can they be removed?

    Or has anyone any idea what I need to do now to recover these files?

    Note, as for why the user suddenly can't access the files I'm unsure, but I've read that if there AD account password was reset on the DC that this will happen - is this correct?

    If I've left anything out let me know
    Appreciate any help...

    Thanks
    Shane

  • #2
    Re: EFS Recovery Agent missing

    Obviously this one was a bit harder than I thought!

    I'll ask a different question, there is currently only the one user listed in the ACL for the encryption settings, and its that user that is now locked out from opening her files.

    Can anyone explain why they would not be able to open these if they are on the list? Or if I don't have a recovery agent listed, is there anything I can do with the current user account to get access back to the folder/file?

    Or does anyone know if there is another forum I could try this question on, I've been looking for days but can't find a decent site with more info on this...

    Thanks
    Shane

    Comment


    • #3
      Re: EFS Recovery Agent missing

      Resetting the PW will do this, try changing the password back..

      Comment


      • #4
        Re: EFS Recovery Agent missing

        Already tried that one, so unless the user is giving me the wrong password this isn't working either

        I think we are dead in the water on this one, time I got up to speed on this EFS thing to be better prepared for the next one...

        Thanks anyways...
        Shane

        Comment


        • #5
          Re: EFS Recovery Agent missing

          Have the user change the password back using CTRL ALT DELETE. You'll probably need to turn off some password policies to allow him to do that.

          Also, theres some fancy applications out there that will recover EFS files under situtations like yours.

          Also, not having a Recovery Agent is normal. You can choose not to have one for increased security (and in your case denial of service)

          http://www.elcomsoft.com/aefsdr.html

          Comment


          • #6
            Re: EFS Recovery Agent missing

            Thanks Garen, I will try that, yes there are policies I need to switch off first.

            I found the Elcomsoft product last night actually, worst case I will see if the client is willing to spend the money to get the files back

            Thanks for all the help...
            Shane

            Comment

            Working...
            X