Encrypted File Recovery
As we saw in the last topic, a long sequence of events fire off when a user opens an encrypted file. EFS must access the user's private key, which requires help from DPAPI to use the Session key derived from the Master key, which is itself protected by a key containing the user's password hash.
If the user leaves the company or goes on vacation or dies or just plain gets stubborn and refuses to open a file, you can reset the user's password in Active Directory and then log on as the user. The DPAPI will build a new Master key with the new password hash and use a Session key derived from this Master key to re-encrypt the private keys.
If commandeering a user's account is not an option, you can open the user's encrypted ...
Get Inside Windows® Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
