How to use recovery agent to open a user's encrypted file

[PeeluckyDuckee]

If a user has a file, per say a txt file, encrypted, how exactly can I use a recovery agent to decrypt, open, and view the file?

I tried but somehow it doesn't seem to work. Any ideas folks?

Plucky

 

[Marqui]

<< If a user has a file, per say a txt file, encrypted, how exactly can I use a recovery agent to decrypt, open, and view the file?

I tried but somehow it doesn't seem to work. Any ideas folks?

Plucky >>



Do you have administration access? If so, you can't do it unless you have admin access. You will need to setup a recovery agent thru 'Group Policy'. I think its like in computer configuation > windows settings > security > public keys and then you have to locate the .cer file (certificate) of the person you want to designate as a recovery agent.

Or an easier way if you have admin access, you can change the users password, logon as that user and and then access it from there.

 

[PeeluckyDuckee]

That has been done but still doesn't seem to work. Wierd thing is not even the administrator can access it

Changing the user's password and logging on as the user to access the file? That would be hard if you don't know the user's password, wouldn't it?....

Plucky

 

[Agamar]

As the admin, take ownership of the file and decrypt it. All administrators are recovery agents automatically. You also (of course) have to change the file properties so it won't be encrypted anymore.

 

[TBP]

If you are admin, it's piece of cake to change a user's passwd. It is not straightforward to change it back to the original one, although it is doable.

 

[Marqui]

<< That has been done but still doesn't seem to work. Wierd thing is not even the administrator can access it

Changing the user's password and logging on as the user to access the file? That would be hard if you don't know the user's password, wouldn't it?....

Plucky >>



If you an admin you can basically do anything you want. To change a users password... load up 'Users', locate the user in question, right click on the user and choose 'set password'


Another quick question... do you know if this user used the built in EFS, or did he use some 3rd party encryption software? that could be why the recovery agent is not working properly.

Also, not sure if this would work all the way, but if you don't get the agent to work, and you don't want him to know that you accessed the file, you could probably do a quick backup of the system data (with the backup util), change the user password, read what you need, then do a quick recovery from the old system data.

 

[TBP]

<< and you don't want him to know that you accessed the file, you could probably do a quick backup of the system data (with the backup util), change the user password, read what you need, then do a quick recovery from the old system data >>



Shouldn't that be: &quot;and you don't want him to know that you accessed the file, then you should not touch the file&quot;?

Access is a privilige, not a right.

enough preaching

 

[PeeluckyDuckee]

Encryption is done thru NTFS' built-in EFS system. There's 2 ways to encrypting a file, one's thru right clicking on the file's properties, and another is thru the command prompt using the cipher command.

What is the proper way to enter the cipher commands to encrypt the file by the user and to decrypt it by the recovery agent/administrator? There's a few switches, not sure which to use or how they work. Please do enlighten me

I don't think doing a backup and recovery is such a good idea in a networking environment as users would most likely notice a lack of access

BTW, this is just for a lab we're doing, not a real life scenario

THx.
Plucky