How do I keep from losing access to encrypted files after a password reset?

[Trusted IT Solutions]

Hello all. I just read Bryce's latest article on resetting a Windows password using utilman.exe. This is not the way that I go about resetting passwords but I would like to ask a question that stemmed from reading his article. When resetting a customer's password, how can I keep from losing access to their encrypted files when I do not know the previous password? Can I use konboot to boot into windows and then export the encryption certificate? I would like to know how you guys go about this because the last thing I want is to reset a password for a customer and then realize that they now do not have access to their encrypted (and most important) files. Thanks.

[iisjman07]

Personally I've never run into this problem, so don't take this as gospel. I think the best way to deal with this would be to use Ophcrack; it doesn't manipulate the SAM file and if it finds the password then you can login normally using the correct password and view all the files. I think using Konboot would work to boot the machine and view/copy the files, but otherwise I'm not sure.

[Martyn]

What about using a MsDart disk? Should be ok with that or am I missing the point?

[tf76]

my understanding is that kon-boot just bypasses the login screen. So there is no need for a password reset.

[Trusted IT Solutions]

Quote:

Originally Posted by iisjman07

Personally I've never run into this problem, so don't take this as gospel. I think the best way to deal with this would be to use Ophcrack; it doesn't manipulate the SAM file and if it finds the password then you can login normally using the correct password and view all the files. I think using Konboot would work to boot the machine and view/copy the files, but otherwise I'm not sure.

Thanks. I will give Ophcrack a look.

Quote:

What about using a MsDart disk? Should be ok with that or am I missing the point?

I know the MsDart discs will reset the PW with no issue. My concern is that if I use any sort of password utility to reset the PW and I do not know what the previous PW was then I will lose access to all encrypted files because the previous PW (the one I reset) was used to create the hash to encrypt the files.


Thanks for the replies.

[kevinjhaag]

Only way to find out is create the situation yourself on one of your bench or testing computers...or virtually too. Thats how i test things out before i actually do it to a customers pc. Good luck and let us know what works for you.

[mm201]

Quote:

Originally Posted by Trusted IT Solutions

Thanks. I will give Ophcrack a look.

Ophcrack was pretty infallible with XP but I'm thinking I read that it won't crack passwords longer than 8 characters in Vista or Win 7. Or, more correctly, the size of the rainbow tables that need to be loaded to break passwords longer than eight characters are in excess of the terabyte range.

[PCX]

You could always backup all their data first then do the password reset if needed.

[Trusted IT Solutions]

Quote:

Originally Posted by PCX

You could always backup all their data first then do the password reset if needed.

But if they had encrypted files that were part of the backup and then I reset the password without knowing the old password wouldn't I lose access to all the encrypted files?

[PCX]

Quote:

Originally Posted by Trusted IT Solutions

But if they had encrypted files that were part of the backup and then I reset the password without knowing the old password wouldn't I lose access to all the encrypted files?

That is a good question . . . I am not sure how it would work for backups. However, I imagine that the original file should still be on their computer regardless of the backup. I personally have never had any issues with this. Those who even know what encryption is do not even come into my shop. Regardless of that, it should be very few and far in between who do not remember their password and chances are, they probably do not have encrypted files.

And just on a side note, there is an easier way to do this process . . . its similar, but easier. Also, I do not remember ever seeing a warning for encrypted files the way I do it, but that may be just something I never paid attention to . . . .