How do I keep from losing access to encrypted files after a password reset?

Encrypted Existence

Hello all. I just read Bryce's latest article on resetting a Windows password using utilman.exe. This is not the way that I go about resetting passwords, but I would like to ask a question that stemmed from reading his article. When resetting a customer's password, how can I keep from losing access to their encrypted files when I do not know the previous password? Can I use konboot to boot into Windows and then export the encryption certificate? I would like to know how you guys go about this because the last thing I want is to reset a password for a customer and then realize that they now do not have access to their encrypted (and most important) files. Thanks.
 
Personally I've never run into this problem, so don't take this as gospel. I think the best way to deal with this would be to use Ophcrack; it doesn't manipulate the SAM file, and if it finds the password then you can log in normally using the correct password and view all the files. I think using Konboot would work to boot the machine and view/copy the files, but otherwise I'm not sure.
 
My understanding is that Kon-Boot just bypasses the login screen, so there is no need for a password reset.
 

Thanks. I will give Ophcrack a look.

What about using an MsDart disk? Should be OK with that, or am I missing the point?

I know the MsDart discs will reset the PW with no issue. My concern is that if I use any sort of password utility to reset the PW and I do not know what the previous PW was then I will lose access to all encrypted files because the previous PW (the one I reset) was used to create the hash to encrypt the files.


Thanks for the replies.
 
The only way to find out is to create the situation yourself on one of your bench or testing computers... or virtually too. That's how I test things out before I actually do it to a customer's PC. Good luck and let us know what works for you.
 

Ophcrack was pretty infallible with XP, but I'm thinking I read that it won't crack passwords longer than 8 characters in Vista or Win 7. Or, more correctly, the size of the rainbow tables that need to be loaded to break passwords longer than eight characters is in excess of the terabyte range.
 
You could always back up all their data first, then do the password reset if needed.
 

But if they had encrypted files that were part of the backup and then I reset the password without knowing the old password, wouldn't I lose access to all the encrypted files?
 

That is a good question . . . I am not sure how it would work for backups. However, I imagine that the original file should still be on their computer regardless of the backup. I personally have never had any issues with this. Those who even know what encryption is do not even come into my shop. Regardless of that, those who do not remember their password should be very few and far between, and chances are they probably do not have encrypted files.

And just on a side note, there is an easier way to do this process . . . it's similar, but easier. Also, I do not remember ever seeing a warning for encrypted files the way I do it, but that may be just something I never paid attention to . . . .
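
Added example, not part of any post in this thread: a PowerShell check that a technician could run from an administrator account (or against the disk mounted on a bench machine) to see whether a profile contains EFS-encrypted files at all before deciding how to handle the password. The profile path and the CSV file name are assumptions for illustration.

```powershell
# Inventory EFS-encrypted files and folders under a user profile.
# Run this BEFORE any password reset so you know whether EFS is in play.
param(
    # Hypothetical path: point this at the customer's profile folder.
    [string]$ProfilePath = 'C:\Users\ExampleUser',
    # Hypothetical output location for the inventory.
    [string]$ReportPath  = (Join-Path $env:TEMP 'efs-inventory.csv')
)

# The NTFS "Encrypted" attribute marks EFS-protected items. Reading the
# attribute does not require the user's key, only read access to the folder.
$encrypted = @(
    Get-ChildItem -LiteralPath $ProfilePath -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted }
)

if ($encrypted.Count -eq 0) {
    Write-Output "No EFS-encrypted items found under $ProfilePath."
}
else {
    # Save the list so the customer can confirm which files matter.
    $encrypted |
        Select-Object FullName, Length, LastWriteTime |
        Export-Csv -Path $ReportPath -NoTypeInformation

    Write-Output ("{0} EFS-encrypted item(s) found under {1}." -f $encrypted.Count, $ProfilePath)
    Write-Output "Inventory written to $ReportPath."
    Write-Output "Resetting the password without the old one would put these files at risk."
}
```

An empty result means the concern raised in this thread does not apply to that profile; a non-empty one means the old password or an exported EFS certificate is needed before a reset.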
 