# Retrieving data from an encrypted laptop hard drive



## rudyard

Hi,

I have a works laptop with all my files stored on the hard drive.  The laptop was encrypted by my work a few months ago.  I want to retrieve my files on to another storage device, however it appears that the encryption is preventing me from using any sort of usb storage device and/or burning cds.

Does anyone know a way that I can retrieve my files from the hard drive of the laptop?  (This is legit by the way- all the files are mine!)

Cheers,

R


----------



## tlarkin

Uh good luck.  You do remember the encryption passkey right?  To you know, decrypt it?


----------



## Vampiric Rouge

In addition to needing the passkey to decrypt the drive it sounds like your work might have disabled things like USB and CD so you can't transfer things off it...


----------



## OvenMaster

rudyard said:


> Hi,
> 
> I have a works laptop with all my files stored on the hard drive.  The laptop was encrypted by my work a few months ago.  I want to retrieve my files on to another storage device, however it appears that the encryption is preventing me from using any sort of usb storage device and/or burning cds.
> 
> Does anyone know a way that I can retrieve my files from the hard drive of the laptop?  (This is legit by the way- all the files are mine!)
> 
> Cheers,
> 
> R


I'd contact IT at your work. But if they don't have a copy of any keys or your password, you just may be SOL.


----------



## canivari

rudyard said:


> Hi,
> 
> I have a works laptop with all my files stored on the hard drive.  The laptop was encrypted by my work a few months ago.  I want to retrieve my files on to another storage device, however it appears that the encryption is preventing me from using any sort of usb storage device and/or burning cds.
> 
> Does anyone know a way that I can retrieve my files from the hard drive of the laptop?  (This is legit by the way- all the files are mine!)
> 
> Cheers,
> 
> R



To retrieve those files you need to conect that HDD where you have those files and atach him to another PC where you have an administrator account.
After that you need to take ownership of the files and after that you can do whatever you want with them.
Hope that this solution isnt for you to get in someone else life...
Please note that after doing that, the NTFS permissions will not be the same and after you conect the laptop to the network in the Company,you will need to tell the IT guys that they should correct the permissions again because isnt safe to leave like that
Hope that helps


----------



## tyttebøvs

canivari, you said that also in another thread. If the harddrive is actually encrypted, you cannot just reset some ntfs permissions.


----------



## canivari

tyttebøvs said:


> canivari, you said that also in another thread. If the harddrive is actually encrypted, you cannot just reset some ntfs permissions.



There we go again tyttebøvs....
Do you understand NTFS permissions and ownership in files or folders??
I can teach you if you want to, just need to ask..
Taking ownership of files gonna decript NTFS permissions at the same time is moving to the new owner.


----------



## tyttebøvs

What is it that you don't understand? Encryption is not ntfs permissions. Neither is EFS (http://www.computerforum.com/169515-safety-data.html)


----------



## canivari

tyttebøvs said:


> What is it that you don't understand? Encryption is not ntfs permissions. Neither is EFS (http://www.computerforum.com/169515-safety-data.html)



So what you are trying to say is that you cant break in EFS?
Just need to take ownership of the files and along with it the NTFS permissions gonna be screwed..


----------



## tyttebøvs

You should research what encryption actually means before you teach us more. Just like you did in the x86 thread


----------



## canivari

tyttebøvs said:


> You should research what encryption actually means before you teach us more. Just like you did in the x86 thread



Being an MCSE is that enough for me to teach you or you need a litlle more?


----------



## canivari

tyttebøvs said:


> You should research what encryption actually means before you teach us more. Just like you did in the x86 thread



Ohh the one that you are stating that there wasnt no 36 Bits..yes i remenber...

And after i show you that actually there was for a long time 36Bits you just didnt admitted it that you never heard nothing about it...


----------



## tyttebøvs

You are no MCSE anything, if you tell me that EFS is just ntfs permissions 

Just to edit: You learn about EFS in first chapter or so. Don't tell people that you are something that you are not


----------



## canivari

So what you are trying to say is that you cant break in EFS?
Just need to take ownership of the files and along with it the NTFS permissions gonna be screwed..
I still leave my foot down in the decision..


----------



## canivari

tyttebøvs said:


> You are no MCSE anything, if you tell me that EFS is just ntfs permissions
> 
> Just to edit: You learn about EFS in first chapter or so. Don't tell people that you are something that you are not



A+ IT Technician,Network Administrator (Network +),MCP,MCSA,MCITP (2008) and MCSE..


----------



## canivari

Do you know the meaning of the initials or you want me to translate that for you?


----------



## tyttebøvs

As I have said before, you are a funny guy, and you remind me of pc_eye, but I think I am done here


----------



## canivari

Everything said..donne here too.


----------



## canivari

probably microsoft can give a hand here:
http://support.microsoft.com/?kbid=308421


----------



## tyttebøvs

You still have no clue as to what we are talking about.


----------



## canivari

rudyard said:


> Hi,
> 
> I have a works laptop with all my files stored on the hard drive.  The laptop was encrypted by my work a few months ago.  I want to retrieve my files on to another storage device, however it appears that the encryption is preventing me from using any sort of usb storage device and/or burning cds.
> 
> Does anyone know a way that I can retrieve my files from the hard drive of the laptop?  (This is legit by the way- all the files are mine!)
> 
> Cheers,
> 
> R





canivari said:


> To retrieve those files you need to conect that HDD where you have those files and atach him to another PC where you have an administrator account.
> After that you need to take ownership of the files and after that you can do whatever you want with them.
> Hope that this solution isnt for you to get in someone else life...
> Please note that after doing that, the NTFS permissions will not be the same and after you conect the laptop to the network in the Company,you will need to tell the IT guys that they should correct the permissions again because isnt safe to leave like that
> Hope that helps





tyttebøvs said:


> You still have no clue as to what we are talking about.



...
Yes ..with that i am starting to really understand in wich world you live...


----------



## tyttebøvs

As I've told you. Look up the word "encryption". After that, look up what EFS is, so you can understand your answer in the other thread. If you one that actually takes those exams, you will also know.


----------



## canivari

All the Administrators in a Windows based machine that supports NTFS can take ownership of any EFS.
In this case, rudyard is just a user in the scenario and if he doesnt want to ask the guys from IT to modify the NTFS on those files he needs to atach the HDD in a Windows where he can be a Administrator and take ownership of the files..thats it..
Along with it it will screw with NTFS permissions.


----------



## tyttebøvs

No, you still don't understand EFS.

Another point. The OP didn't say what kind of encryption there was used.


----------



## tyttebøvs

Let me teach you a new word, which you should know if you were MCSE.

The only time an administrator can take ownership of other users EFS-files, is if he is a recovery agent.


----------



## canivari

tyttebøvs said:


> No, you still don't understand EFS.
> 
> Another point. The OP didn't say what kind of encryption there was used.



rudyard works in a medium ,big company that works with AD (if you dont know what that is, it stands for Active Directory where everything works with Share permissions,NTFS permissions and EFS...
If it was being used another type of Encryption i believe rudyard will tells us that he is using an Hardware Key or a specific program to acess to the files..


----------



## canivari

tyttebøvs said:


> Let me teach you a new word, which you should know if you were MCSE.
> 
> The only time an administrator can take ownership of other users EFS-files, is if he is a recovery agent.



All Administrators are "recovery agents" in all Windows...
Ohh boy...you are slow heinnn...


----------



## tyttebøvs

canivari said:


> All Administrators are "recovery agents" in all Windows...
> Ohh boy...you are slow heinnn...



You make me laugh.


----------



## canivari

tyttebøvs said:


> You make me laugh.



Dont choke while laughing ok??
I would miss you....


----------



## canivari

And by the way you learn about recovery agent just berely being an MCP (70-270)..


----------



## canivari

Ohh man i think he choked..isnt online anymore...
Does anyone know is adress because i would like to send some flowers...
R.I.P. tyttebøvs 
Well since i dont know your adress:




Here you go..you deserve them..


----------



## tyttebøvs

PC_eye was banned because of all his BS ...


----------



## canivari

tyttebøvs said:


> PC_eye was banned because of all his BS ...



Tyttebøvs,
Seriously, whats wrong with you?
I have a person that is trying to help another one with background support (hyperlinks for the responsibles,explanations how they work and actually how to do it and you just stand there stating that isnt possible but you dont get any background support for your awnsers..??
Its just what you believe (not even the authors of the systems you believe??)
Now, I gave a solution to rudyard even if you dont agree (and if you dont agree show me and show rudyard were is wrong "with proves" and how to solve is problem correctly).
I allready had a lot of people like you, and in the end they just wanted some public atention..
Is tht what you are looking for?


----------



## tyttebøvs

Try and look at your answers (not just here, but also in other threads). Why should I use more of my time to help _you_? You state that you have taken the MCSE exam. I don't believe you (you cannot even understand the basis of encryption/EFS).

Encryption: if you think a little, do you really think that you can break encrypted files on a foreign harddrive just by resettings some permissions, just because you have administrative rights on your pc?

No more secrets in this world.

PS: I actually helped you by telling you about "recovery agents". Try and look it up at microsoft.com. They also have some lenghty documents about how EFS works.


----------



## heavybarrell

rudyard said:


> Hi,
> 
> I have a works laptop with all my files stored on the hard drive.  The laptop was encrypted by my work a few months ago.  I want to retrieve my files on to another storage device, however it appears that the encryption is preventing me from using any sort of usb storage device and/or burning cds.
> 
> Does anyone know a way that I can retrieve my files from the hard drive of the laptop?  (This is legit by the way- all the files are mine!)
> 
> Cheers,
> 
> R



Has the problem been solved?


----------



## tlarkin

If the entire file system is encrypted, the only way anyone else can retrieve the data is that if the Admin that set it up, set up some sort of disaster recovery account so that in the event the user forgets their password, they can un-encrypt the drive.

If it is just the user's home folder that is encrypted then it usually uses some sort of key chain or password wallet, that uses the actual user's password to decrypt the drive.

If those passwords are not available, the data is done for the most part.  As cracking encryption is not possible, unless it was TKIP encryption or another known exploited encryption.  However, I am almost 100% certain that almost all file system level encryption products use some form of AES encryption, which is not currently crack-able.

/end of thread


----------



## tyttebøvs

Here is a link: http://support.microsoft.com/kb/223316

They mention "recovery agent" many times to let you know how important they are. I like this one:

"If the key pair is lost or damaged and you have not designated a recovery agent, and *then there is no way to recover the data*."


----------



## tlarkin

I think he is confused because of the older feature in XP where you can make a folder "private" and if you boot off a power tool like ERD, you can modify the permissions to make it "un-private," but is not to be confused with actual encryption.


----------



## canivari

Well ,so have been a lot of luck in the all of the Computers that i hve been working and decryting..Because so far i was able to do it.
But you need to be an Admin in the Computer to do it!
And that is because you cant delete the Administrators or the System it self being at the level of NTFS permissions or else you could never retrieve them back if the user just died or went to anoter company..
After being connected to another PC,the encrypted files will be part of the sustem, and in this case in the system where you are an Admin,and with that you can take ownership of all the files and folders that you need asking under owner the option that says "Replace owner on subcontainers and objects" with your Admin account..and thats it..
Click in apply, he will warn you that you will change the owner of the files or folders and (unfortunately he will screw up the NTFS permissions but thats a small price to pay to decryp them)and OK.
Open the files and do what you need to do with them..
Please note again that after doing that, the NTFS permissions will not be the same and after you connect the laptop to the network in the Company,you will need to tell the IT guys that they should correct the permissions again because isnt safe to leave like that.
Yes?


----------



## tlarkin

canivari said:


> Well ,so have been a lot of luck in the all of the Computers that i hve been working and decryting..Because so far i was able to do it.
> But you need to be an Admin in the Computer to do it!
> And that is because you cant delete the Administrators or the System it self being at the level of NTFS permissions or else you could never retrieve them back if the user just died or went to anoter company..
> After being connected to another PC,the encrypted files will be part of the sustem, and in this case in the system where you are an Admin,and with that you can take ownership of all the files and folders that you need asking under owner the option that says "Replace owner on subcontainers and objects" with your Admin account..and thats it..
> Click in apply, he will warn you that you will change the owner of the files or folders and (unfortunately he will screw up the NTFS permissions but thats a small price to pay to decryp them)and OK.
> Open the files and do what you need to do with them..
> Please note again that after doing that, the NTFS permissions will not be the same and after you connect the laptop to the network in the Company,you will need to tell the IT guys that they should correct the permissions again because isnt safe to leave like that.
> Yes?



Microsoft's version of POSIX NTFS Permissions is not the same thing as encryption.  If you make a home folder private, ie no one can view it but the owner, you can modify the permission at the file system level to remedy this.

If it is actually encrypted you need the encryption passkey, otherwise it will just not work.  If you were simply able to just decrypt anything with local admin access, how would that even be a valid security measure?  I suggest you download and read the NSA security PDF on securing Windows servers and systems.  There is a lot of good information about file system encryption in there.


----------



## canivari

tlarkin said:


> Microsoft's version of POSIX NTFS Permissions is not the same thing as encryption.  If you make a home folder private, ie no one can view it but the owner, you can modify the permission at the file system level to remedy this.
> 
> If it is actually encrypted you need the encryption passkey, otherwise it will just not work.  If you were simply able to just decrypt anything with local admin access, how would that even be a valid security measure?  I suggest you download and read the NSA security PDF on securing Windows servers and systems.  There is a lot of good information about file system encryption in there.



Exactly and in  rudyard case is exactly the NTFS permissions that isnt allowing it to move the files to CDs or put them in USB storages (and thats what he as been complaining isnt it?)..
He only got something like read and write with no other special NTFS permissions...


----------



## tyttebøvs

This entire thread has been about encryption and EFS...


----------



## canivari

I dont believe that the guys from IT encryted the files and put rudyard as a "recovey agent??"


----------



## tyttebøvs

No, why should they?


----------



## canivari

tyttebøvs said:


> This entire thread has been about encryption and EFS...



Tyttebøvs, a Guy have a problem with one thing like NTFS permissions and your answer is "Yea lets talk about encrytion and EFS and EFS isnt the problem from the begining here is it??


----------



## tlarkin

The OP never claimed anything other than he lost his password for his encrypted file system.  If the OP was in error, and meant that his home folder had been made private via MS POSIX perms for NTFS, then he never declared that.  He just stated encryption, and with out a recovery agent, or a recovery account, or the passkey, you are not getting that data.



> Hi,
> 
> I have a works laptop with all my files stored on the hard drive. The laptop was encrypted by my work a few months ago. I want to retrieve my files on to another storage device, however it appears that the encryption is preventing me from using any sort of usb storage device and/or burning cds.
> 
> Does anyone know a way that I can retrieve my files from the hard drive of the laptop? (This is legit by the way- all the files are mine!)
> 
> Cheers,



There has been 5 pages of useless squabble on this thread....

Now, most likely, and I am assuming here, his work enabled bit locker, which encrypts the file system of the home folder only.  You are required to create bit locker keys to copy data to other forms of storage outside your home folder, ie a usb thumb drive or a CD.  This is because it needs the encryption key copied with it, so it can actually read the data it is copying.

http://windows.microsoft.com/en-US/windows7/What-is-a-BitLocker-recovery-key

So, in theory, and I don't use bit-locker, you would need the key to be on any device you want to authorize to copy encrypted data from your home folder.  Permissions have zilch to do with this.  Unless the OP comes back and clarifies differently.


----------



## canivari

rudyard said:


> Hi,
> 
> I have a works laptop with all my files stored on the hard drive.  The laptop was encrypted by my work a few months ago.  I want to retrieve my files on to another storage device, however it appears that the encryption is preventing me from using any sort of usb storage device and/or burning cds.
> 
> Does anyone know a way that I can retrieve my files from the hard drive of the laptop?  (This is legit by the way- all the files are mine!)
> 
> Cheers,
> 
> R



And i think that i just a found the solution:Try to copy the files
to a external HDD formatted in NTFS (that should do it,because it will move the NTFS permissions along to the new drive (execpt for sharing permission of course..)
Your problem so far,i believe was that you were trying to copy it to a USB Pen (formatted in FAT32??) and for a CD (CDFS)


----------



## tlarkin

canivari said:


> And i think that i just a found the solution:Try to copy the files
> to a external HDD formatted in NTFS (that should do it,because it will move the NTFS permissions along to the new drive (execpt for sharing permission of course..)
> Your problem so far,i believe was that you were trying to copy it to a USB Pen (formatted in FAT32??) and for a CD (CDFS)



*sigh*


----------



## canivari

tlarkin said:


> *sigh*




Ohhh you got me now...
very good..


----------



## canivari

Tlarkin think a little:
why would the Guys from IT encrypte the files with EFS with a Administrator account??
Everything is around NTFS permissions here..


----------



## canivari

In that way rudyard couldnt work them in is Laptop would he?
He just need to make a backup of is own files that are probably Offline files from the server that have atached to them NTFS permissions..


----------

