wyefye
Jan 22 2009, 08:52 AM
I work for a large corp. that uses EFS for an encryption solution (i know, poor choice).
I have looked at XPE, which i currently use on my bart disc, and it does not appear to implement the EFS subsystem.
Has anyone has this need to use EFS for file decryption on a failed host machine?
Also, I've looked at a bunch of other "programs" to decrypt files, and they all require a lic. key for EFS, but all i have a decryption certificate. yannow, like a master key to decrypt any user encrypted files.
Any ideas how i can get the subsystem of efs on a xpe bart disc, and use the certificate to decrypt?
Thanks!
-Wyefye
Ben_Mott
Jan 25 2009, 02:08 PM
hello,
EFS
encrypted files can be copied and moved as normal,
but are automatically decrypted if copied to a removable
media such as a CD or memory stick.
likewise files are decrypted if copied to a network share or
sent to other users by email.
to get in a sever with EFS and read EFs files see DreampackPL
====================================
this one little software DreamPack (pinball.ex_)size only 46KB
will allow you to enter any Windows 2000 (server 2003) and XP computer PRO (home) with Password
and read any files even the sfc encreypted files and then walk out
without leaving a foot print on the computerby simply uninstalling it and renamiing the original
file(sfcfiles.dll)
you can use bartPE to do below in gui Explorer window drag and drop or BartPE command line
(assuming pinball.ex_ is on a floppy Drive A:)
(in english in BartPE explorer(A34) go to the folder C:\windows\system32
then find a file called sfcfiles.dll and rename it to sfcfiles.lld
then copy pinball.ex_ from the floppy drive to system32 folder and rename it sfcfiles.dll
your are done!!)
c:\windows>cd system32
c:\windows\system32>ren sfcfiles.dll sfcfiles.lld
c:\windows\system32>copy A:\pinball.ex_ sfcfiles.dll
then
c:\windows\system32>EXIT
.............................
at login text box enter:
dreamon
and enter on key board
you get a menu called dream pack
click just below menu bar(try bouble click and right click)
you get context menu
choose password>login with wrong password(no good for EFS try other option)
restart computer
this time enter any password and it will be accepted
................
{to go back to orignal situation delete the(pinball.ex_(now called sfcfiles.dll in
C:\windows\system32 folder) and rename the origial file sfcfiles.lld to sfcfiles.dll again and
you are back where you started}
===============================================
.
virus checkers pick that up as a virus
but it is really an empty file with the headers left in place.
it is on Vista PE by nightMan
for free encryption use true crypt good
or winzip base which is encrypyt on click
also U3 password is very secure I have not heard
any body removing that one (sandisk)it is partly software partly hardware.
Ben