Description
====================
We have a PC that was used by employee who left company long time ago. One day, we need to get some files from this PC and find all files are encrypted by windows EFS. It needs user account to decrypt it but we don't have it because it was deleted long time ago.
Solution
====================
Fortunately, this is a domain PC and I can use domain administrator certificate to decrypt the files.
1. Login to domain controller with domain administrator privilege, export Administrator certificate with private key.
2. Login to PC with local administrator account.
3. Change the files owner to local administrator.
4. Get the full access right on files (For local Administrator).
5. Double click on the exported certificate and follow the step to import as Personal certificate.
6. Right click on the file and start to decrypt file you need.
No comments:
Post a Comment
Do you like it? Welcome to leave your command.