Posted by John on August 22, 2007, 11:29 am
Hi Brian
> 1) Have you defined an EFS Data Recovery Agent in the domain?
Yes. But I thought that if we recover the certificate for that user the DRA
won't be needed?
> 2) If you have, do you have the PFX file for that certificate available.
> If so, a person can log onto the system, import the private key from the
> PFX file, and decrypt the files
The only certificate that we have is on the CA; we can export it to a PFX (I
think).
> If you are looking for a true Key Recovery Agent
Is there a false one?
> 1) Did you define a Key Recovery Agent at the issuing CA
Yes.
> 2) Did you enable key archival in the certificate template
Yes. Unfortunately we discovered that the computer certificate isn't configured
for key archival, so I think that we need to issue a new one (unless you know
some way to change the existing one). The problem is that we enabled
autoenrollment for the computer certificate and the computer cert is the V1
cert; if I'm not mistaken we need to duplicate the existing computer cert to
V2/3 and enable key archival. Am I right?
> 3) Did you verify if the Archived Key attribute reports Yes for the
> certificate you wish to recover.
I looked at the attributes of the certificate and I didn't find an "Archived
Key" attribute. Is this the exact name?
> A couple of questions for you:
> 1) Have you defined an EFS Data Recovery Agent in the domain?
> 2) If you have, do you have the PFX file for that certificate available.
> If so, a person can log onto the system, import the private key from the
> PFX file, and decrypt the files
>
> If you are looking for a true Key Recovery Agent
> 1) Did you define a Key Recovery Agent at the issuing CA
> 2) Did you enable key archival in the certificate template
> 3) Did you verify if the Archived Key attribute reports Yes for the
> certificate you wish to recover
>
> If all of these are Yes, then a user assigned Issue and Manage
> Certificates permission can use the Key Recovery Tool (KRT) to extract an
> encrypted blob of the certificate from the CA database. Then, one of the
> Key Recovery Agents can use their private key to decrypt the blob and
> produce a PKCS#12 file to send to the user.
> The user can then import the private key into their profile, and resume
> access.
>
> My guess is that your infrastructure is not set up. In this case, the
> files are lost. You must redeploy all certificates. Because you have
> formatted the user's machine, without a backup, any commercial EFS
> recovery tools will fail, as you removed the bits needed to recover the
> certificates.
>
> Brian
>> Hi everyone,
>>
>> After we formatted a user's machine we noticed that we forgot to back up the
>> certificate.
>>
>> Now we need to recover both a user certificate and the machine
>> certificate issued by our internal CA.
>>
>> Can anyone explain how to do this or indicate any MS paper that explains
>> that?
>>
>> Thank you.
>>
>
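The recovery flow Brian outlines (confirm the key was archived, pull the encrypted blob from the CA database, have a Key Recovery Agent decrypt it to a PKCS#12 file) can be driven with certutil. This is an added example in PowerShell, not code from either poster; the serial number and file paths are placeholders, and it assumes the current Windows certutil switches rather than the older Key Recovery Tool.

```powershell
# Added example (not from the thread): check key archival status and recover an
# archived private key with certutil, following the flow described above.
# Steps 1-2 run as a user holding "Issue and Manage Certificates" on the CA;
# step 3 must run where the KRA's private key is available.
# All values below are placeholders to be replaced.

$Serial   = '<serial-number-of-user-cert-in-hex>'   # placeholder
$BlobFile = Join-Path $env:TEMP 'recovery.blob'
$PfxFile  = Join-Path $env:TEMP 'recovered.pfx'

# 1) Does the CA database say the key was archived? The "Archived Key" column
#    in the Certification Authority console is the KeyRecoveryHashes field of
#    the Request table; it is empty when the issuing template had no key
#    archival enabled, in which case there is nothing to recover.
certutil -view -restrict "SerialNumber=$Serial" -out "RequestID,RequesterName,KeyRecoveryHashes"

# 2) Extract the encrypted key blob for that certificate from the CA database.
#    The blob is still encrypted to the KRA certificate(s) that were in force
#    when the key was archived, so this step alone exposes no private key.
certutil -getkey $Serial $BlobFile

# 3) A Key Recovery Agent decrypts the blob with the KRA private key and
#    writes a password-protected PKCS#12 file (certutil prompts for the
#    password). Hand this file to the user over a protected channel.
certutil -recoverkey $BlobFile $PfxFile

# 4) The user imports the PFX into their own (HKCU) certificate store, which
#    restores the EFS private key and access to the encrypted files.
certutil -user -importpfx $PfxFile
```

If step 1 shows an empty KeyRecoveryHashes value for the user's certificate, the key was never archived and the KRA path does not apply; only a pre-existing DRA or a backup of the user's own PFX can still decrypt those files.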