  #1  
04-22-2012, 10:33 PM
Encrypted Existence
Join Date: Aug 2011
Posts: 1,239
How do I keep from losing access to encrypted files after a password reset?

Hello all. I just read Bryce's latest article on resetting a Windows password using utilman.exe. This is not the way that I go about resetting passwords, but I would like to ask a question that stemmed from reading his article. When resetting a customer's password, how can I keep from losing access to their encrypted files when I do not know the previous password? Can I use konboot to boot into Windows and then export the encryption certificate? I would like to know how you guys go about this because the last thing I want is to reset a password for a customer and then realize that they now do not have access to their encrypted (and most important) files. Thanks.
  #2  
04-23-2012, 07:33 AM
iisjman07
Join Date: Jul 2009
Location: South End Of The UK
Posts: 3,045

Personally I've never run into this problem, so don't take this as gospel. I think the best way to deal with this would be to use Ophcrack; it doesn't manipulate the SAM file and if it finds the password then you can log in normally using the correct password and view all the files. I think using Konboot would work to boot the machine and view/copy the files, but otherwise I'm not sure.
__________________
put that in your pipe and grep it
  #3  
04-23-2012, 08:03 AM
Martyn
Administrator
Join Date: Apr 2010
Location: Bedfordshire UK
Posts: 5,700

What about using a MsDart disk? Should be ok with that or am I missing the point?
  #4  
04-23-2012, 01:57 PM
tf76
Join Date: Apr 2010
Location: South Australia
Posts: 557

My understanding is that kon-boot just bypasses the login screen. So there is no need for a password reset.

Last edited by tf76; 04-23-2012 at 02:10 PM.
  #5  
04-23-2012, 02:19 PM
Encrypted Existence
Join Date: Aug 2011
Posts: 1,239

Quote:
Originally Posted by iisjman07
Personally I've never run into this problem, so don't take this as gospel. I think the best way to deal with this would be to use Ophcrack; it doesn't manipulate the SAM file and if it finds the password then you can log in normally using the correct password and view all the files. I think using Konboot would work to boot the machine and view/copy the files, but otherwise I'm not sure.

Thanks. I will give Ophcrack a look.

Quote:
What about using a MsDart disk? Should be ok with that or am I missing the point?

I know the MsDart discs will reset the PW with no issue. My concern is that if I use any sort of password utility to reset the PW and I do not know what the previous PW was, then I will lose access to all encrypted files because the previous PW (the one I reset) was used to create the hash to encrypt the files.


Thanks for the replies.
  #6  
04-23-2012, 03:02 PM
kevinjhaag
Join Date: Jan 2009
Location: Michigan
Posts: 505

Only way to find out is to create the situation yourself on one of your bench or testing computers...or virtually too. That's how I test things out before I actually do it to a customer's PC. Good luck and let us know what works for you.
  #7  
04-24-2012, 07:32 PM
mm201
Join Date: Apr 2010
Location: Springfield, MO
Posts: 160

Quote:
Originally Posted by Trusted IT Solutions
Thanks. I will give Ophcrack a look.

Ophcrack was pretty infallible with XP but I'm thinking I read that it won't crack passwords longer than 8 characters in Vista or Win 7. Or, more correctly, the size of the rainbow tables that need to be loaded to break passwords longer than eight characters is in excess of the terabyte range.
  #8  
04-24-2012, 07:42 PM
PCX
Join Date: Feb 2012
Posts: 2,799

You could always back up all their data first then do the password reset if needed.
__________________
_

Did you run a FULL diagnostic?

Are you tired of getting defective iPhone screens? Try eTech. We used to send back boxes of defective iPhone screens to WGP, now we rarely get them.

"The smartest and most successful people in the world are those who surround themselves with smarter and more successful people than themselves"
  #9  
04-24-2012, 08:00 PM
Encrypted Existence
Join Date: Aug 2011
Posts: 1,239

Quote:
Originally Posted by PCX
You could always back up all their data first then do the password reset if needed.

But if they had encrypted files that were part of the backup and then I reset the password without knowing the old password, wouldn't I lose access to all the encrypted files?
  #10  
04-24-2012, 08:20 PM
PCX
Join Date: Feb 2012
Posts: 2,799

Quote:
Originally Posted by Trusted IT Solutions
But if they had encrypted files that were part of the backup and then I reset the password without knowing the old password, wouldn't I lose access to all the encrypted files?

That is a good question . . . I am not sure how it would work for backups. However, I imagine that the original file should still be on their computer regardless of the backup. I personally have never had any issues with this. Those who even know what encryption is do not even come into my shop. Regardless of that, it should be very few and far between who do not remember their password and chances are, they probably do not have encrypted files.

And just on a side note, there is an easier way to do this process . . . it's similar, but easier. Also, I do not remember ever seeing a warning for encrypted files the way I do it, but that may be just something I never paid attention to . . . .

Last edited by PCX; 04-24-2012 at 08:22 PM.