• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

Ecrypted files inaccessible after password reset

O

Oliver

Flightless Bird
Hi,

I recently forgot the password to my user account on my local machine, so I
looged in as administrator and did a password reset for my user account. When
I went back into the user account, I could no longer access any of the
encrypted files. Why is this and how can I make them accessible again?
 
L

Lem

Flightless Bird
Oliver wrote:
> Hi,
>
> I recently forgot the password to my user account on my local machine, so I
> looged in as administrator and did a password reset for my user account. When
> I went back into the user account, I could no longer access any of the
> encrypted files. Why is this and how can I make them accessible again?


Remember the original password and change back. See the last section of
http://support.microsoft.com/kb/331333/

Another victim realizes too late the dangers of the Windows Encrypting
File System. For those lurkers who feel an irresistible urge to use
Windows EFS, make sure to follow the "Best Practices" -
http://support.microsoft.com/kb/223316/en-us

There is also KB316994. This Hotfix probably does NOT apply to you
because you [probably] don't satisfy criterion 4 ("You have logged on to
your computer by using cached credentials when your computer is not on
the network"). I'm virtually certain that the Hotfix will not work
without cached credentials -- if it did, that would be a much too easy
back door past the EFS.
--
Lem

Apollo 11 - 40 years ago:
http://www.nasa.gov/mission_pages/apollo/40th/index.html
 
J

John Wunderlich

Flightless Bird
Lem <lemp40@unknownhost> wrote in news:eYGiIGo2KHA.5820
@TK2MSFTNGP06.phx.gbl:

> Remember the original password and change back.


Alternatively, do a System Restore to a date before you changed the
password then keep trying passwords.

-- John
 
A

Anteaus

Flightless Bird
You basically have two options: remember the password, or try accessing the
files as Administrator. (which account is usually set as the recovery agent
on a nondomain computer)

"Oliver" wrote:

> Hi,
>
> I recently forgot the password to my user account on my local machine, so I
> looged in as administrator and did a password reset for my user account. When
> I went back into the user account, I could no longer access any of the
> encrypted files. Why is this and how can I make them accessible again?
 
P

Paul

Flightless Bird
John Wunderlich wrote:
> Lem <lemp40@unknownhost> wrote in news:eYGiIGo2KHA.5820
> @TK2MSFTNGP06.phx.gbl:
>
>> Remember the original password and change back.

>
> Alternatively, do a System Restore to a date before you changed the
> password then keep trying passwords.
>
> -- John


Once the System Restore is done, and the original password is
back in place, there might be some tool around that can figure
out the password. For example, here a LiveCD is mentioned, that
can automatically crack the passwords. I have no idea how safe this
is, whether source code is available etc etc. But if you're desperate,
and willing to do whatever it takes to get the data back, something
like this might work.

http://www.raymond.cc/blog/archives/2006/11/22/how-to-crack-windows-account-password/

http://en.wikipedia.org/wiki/Ophcrack

Paul
 
S

sanjacstudent12

Flightless Bird
"Anteaus" wrote:

> You basically have two options: remember the password, or try accessing the
> files as Administrator. (which account is usually set as the recovery agent
> on a nondomain computer)
>
> "Oliver" wrote:
>
> > Hi,
> >
> > I recently forgot the password to my user account on my local machine, so I
> > looged in as administrator and did a password reset for my user account. When
> > I went back into the user account, I could no longer access any of the
> > encrypted files. Why is this and how can I make them accessible again?


No, logging in as an administrator will not work. The only way to access
those files without the encryption key is with the password.

There are tools out there that may be able to crack the password, but there
is no guarantee that they will work for you.
 
T

Twayne

Flightless Bird
In news:95C7D6AC-CF7F-49C2-8B3B-06A9C07D10E7@microsoft.com,
sanjacstudent12 <sanjacstudent12@discussions.microsoft.com>
typed:
> "Anteaus" wrote:
>
>> You basically have two options: remember the password, or
>> try accessing the files as Administrator. (which account
>> is usually set as the recovery agent on a nondomain
>> computer)
>>
>> "Oliver" wrote:
>>
>>> Hi,
>>>
>>> I recently forgot the password to my user account on my
>>> local machine, so I looged in as administrator and did a
>>> password reset for my user account. When I went back into
>>> the user account, I could no longer access any of the
>>> encrypted files. Why is this and how can I make them
>>> accessible again?

>
> No, logging in as an administrator will not work. The only
> way to access those files without the encryption key is
> with the password.
>
> There are tools out there that may be able to crack the
> password, but there is no guarantee that they will work for
> you.


To date, and this is something I watch for all the time, there
has never been anything that could crack the passwords if the
password was anything barely useful as a password. e.g., not
their last name, etc..
 
D

dennis

Flightless Bird
On 18-04-2010 18:50, Twayne wrote:

> To date, and this is something I watch for all the time, there
> has never been anything that could crack the passwords if the
> password was anything barely useful as a password. e.g., not
> their last name, etc..


Depending on the configuration of Windows, "skRV96vhP!z" is cracked very
fast
 
T

Twayne

Flightless Bird
In news:%23p4RQix3KHA.1716@TK2MSFTNGP05.phx.gbl,
dennis <1@1.invalid> typed:
> On 18-04-2010 18:50, Twayne wrote:
>
>> To date, and this is something I watch for all the time,
>> there has never been anything that could crack the
>> passwords if the password was anything barely useful as a
>> password. e.g., not their last name, etc..

>
> Depending on the configuration of Windows, "skRV96vhP!z" is
> cracked very fast


Well that says a lot of nothing.
 
Top