Vista Password Reset - EFS Problems

Figure 12 illustrated how users with EFS-encrypted data will lose access to this data if a password reset or change occurs from OUTSIDE of the operating system. This is because the certificate key, which is used to encrypt user data, is itself encrypted by the user's password. Therefore, when a password reset or change is done outside of the operating system, the ability to retrieve the certificate key is lost.

This means that on an EFS account, clearing or changing the password with a third-party utility is out of the question if you want to be able to recover your encrypted data. So where does that leave us? Well, it really means that somehow we need to find out exactly what the original password was.

There are a few proactive measures for password recovery which Windows XP and Vista do offer. For instance, you can create a password reset file on a thumb drive or other removable media which you can then keep somewhere safe and tucked away. Then, when you forget your password, simply insert this media and reset the password as described on many websites.

Another proactive measure is to import a backup of your EFS key certificate which you, hopefully, made! In my case, I did make one, and the steps are briefly described here. I simply insert my thumb drive which contains the backed-up certificate and double-click the backed-up certificate file to automatically start the Certificate Import Wizard (Figure 13). I click "Next" to continue and am prompted to specify the certificate file to import. This has already been selected since I double-clicked on the backed-up certificate to begin with, so I simply click "Next" again (Figure 14).

Figure 13: Certificate Import Wizard
Figure 14: Select Certificate to Import

I then am prompted to enter the password which is protecting the certificate file, select various key options and click "Next" (Figure 15). Windows Vista then wishes to know where to store the certificate once imported and I simply leave the selection as automatic by clicking "Next" again (Figure 16).

Figure 15: Key Passphrase and Options
Figure 16: Certificate Storage Location

To finish the process of the certificate import all I have to do now is click "Finish" (Figure 17) and we can see that the operation was successful (Figure 18).

Figure 17: Finish Certificate Import
Figure 18: Certificate Import Success!

Now, if we try to open our lorem ipsum file, we find that we have regained access! (Figure 19). Great!

Figure 19: Lorem ipsum EFS Recovered!
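The key hierarchy behind both the lockout and the recovery above can be modelled in a few lines. This is an added example, not code from the article or from Windows; it contrasts a password change made inside the OS with an outside reset, then imports the backup. `Account`, `kdf`, `wrap`, the labels and the passwords are hypothetical, and the HMAC-based wrap is a toy stand-in for the real EFS and certificate-store encryption.

```python
import hashlib, hmac, os

def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()
def kdf(password, label):  # distinct labels: the logon verifier cannot unwrap keys
    return hashlib.pbkdf2_hmac("sha256", password.encode(), label, 10_000)

def wrap(key, secret):  # toy authenticated wrap for secrets of up to 32 bytes
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, prf(key, b"enc" + nonce)))
    return nonce + ct + prf(key, b"mac" + nonce + ct)

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac" + nonce + ct)):
        raise PermissionError("wrapping key does not match")
    return bytes(a ^ b for a, b in zip(ct, prf(key, b"enc" + nonce)))

class Account:
    def __init__(self, password):
        self.login_hash = kdf(password, b"login")  # what an outside tool can rewrite
        self.wrapped_key = wrap(kdf(password, b"protect"), os.urandom(32))
    def cert_key(self, password):
        if not hmac.compare_digest(self.login_hash, kdf(password, b"login")):
            raise PermissionError("logon failed")
        return unwrap(kdf(password, b"protect"), self.wrapped_key)
    def set_password(self, new, old=None):  # old=None: outside reset, no re-wrap
        if old is not None:  # inside the OS the old password is known: re-wrap
            self.wrapped_key = wrap(kdf(new, b"protect"), self.cert_key(old))
        self.login_hash = kdf(new, b"login")
    def import_backup(self, password, passphrase, backup):
        key = unwrap(kdf(passphrase, b"backup"), backup)
        self.wrapped_key = wrap(kdf(password, b"protect"), key)

def readable(acct, password, blob):
    try:
        return unwrap(acct.cert_key(password), blob)
    except PermissionError:
        return None

def demo():  # all passwords and the file content are constructed sample values
    acct = Account("old-pw")
    blob = wrap(acct.cert_key("old-pw"), b"lorem ipsum")
    backup = wrap(kdf("backup-pass", b"backup"), acct.cert_key("old-pw"))
    acct.set_password("mid-pw", old="old-pw")
    kept = readable(acct, "mid-pw", blob)    # change inside the OS: still readable
    acct.set_password("new-pw")
    lost = readable(acct, "new-pw", blob)    # outside reset: logon works, key lost
    acct.import_backup("new-pw", "backup-pass", backup)
    return kept, lost, readable(acct, "new-pw", blob)
```

Calling `demo()` returns the file content after the in-OS change, `None` after the outside reset, and the file content again once the backup has been imported.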


Last Updated ( Wednesday, 07 May 2008 14:10 )