Encrypted drive

[terraterm]

Hi All

I have a client, that lost his IT administrator, dropped off the face of the earth.

I'm now trying to recover data off an encrypted disk. Gigabytes of music collection.

The OS is Windows Server 2003, encrypted with, Bestcrypt v2.

I have the initial Bestcrypt password, to boot into the OS, but no one knows the Windows login password, therefore can't login into windows, can't see or access the data.

I have full access to the machine.
What can I use to decrypt the disk, and or salvage the files.

I've tried some Live cd's, but that doesn't help.

Any suggestions?

Thx!!! in advance.

 

[DelJo63]

first try booting Safe Mode and loging in on the Admin account

 

[terraterm]

The problem is no one knows the Admin password.

Whether it's in safe mode or normal mode, still can't login.

 

[DelJo63]

did you try hitting ENTER without typing anything? A great many systems have the
Safe Mode Admin account without a pwd

 

[DelJo63]

another approach is via the Command Prompt

1. create A new account
   net user USERNAME1 PASSWORD /add
   (where USERNAME1 is the new login
   PASSWORD is the new one for this account
   )
2. make it an Admin Account
   net localgroup administrators USERNAME2 /add
   (make USERNAME2 is exactly like USERNAME1

Step one should always work, but step 2 may fail for lack of permissions :sigh:

 

[terraterm]

pls. read my post carefully.

The disk is encrypted.....this is what's causing the issue. without the encryption being removed, you cannot add anything or remove anything. no utility offline or live cd, can see the drive

Blank password on server 2003....I think not.

 

[DelJo63]

pls. read my post carefully.

I did

The disk is encrypted.....this is what's causing the issue.

remains to be seen. You have TWO issues
a) inability to logon
b) the Bestcrypt
For a certainty, Windows logon can not depend upon Bestcrypt. Once you have access to the system, then the Bestcrypt encryption WILL become the issue.
If your assertion is correct, then windows logon needs concurrent passwords
(user account + Bestcrypt) to be known simulatneously - - not a reasonable expectation.

Blank password on server 2003....I think not.

I would not expect it either,
but until you try it - - you find a surprise.

You may be aware that XP/home has a hidden admin login which is only visible via
Save Mode and 90% of those have not password as the majority of Home users dont even know of the login/safe mode operation.

It's your system - - I truly wish you every success.

 

[terraterm]

hi

i will try the blank password thingy...but if they went so far as to encrypt the disk, what are the chances...crossing my fingers...lol

Actually the login is as follows.

Boot system, system then comes to Bestcrypt password prompt, which I have, then it boots into windows, where the password is lost.

since the disk is encrypted, no changes can be made in an offline scenario, until the encryption is removed.

thx!

 

[DelJo63]

Boot system, system then comes to Bestcrypt password prompt, which I have, then it boots into windows, where the password is lost.

AHH! Now that's interesting.

Safe Mode may not work then as there are only 4-5 services started in safe mode--
Best wishes.

 

[terraterm]

yep...

i'll need some luck

thx

 

[Rabbit01]

Something like this might work: http://www.jetico.com/bestcrypt-volume-encryption-plugin-for-bartpe/

Boot the computer w/ the Bart PE, decrypt the drive and then access data using Bart PE's file manager.

I've done something similar w/ my work laptop (XP Pro) sometime ago to retrieve data. The HDD is encrypted w/ Safeboot. I found the Bart PE plugin for it, and booted the computer w/ it. Once the volume was mounted and decrypted, I was able to copy my files to a flash drive.

 

[terraterm]

hi

i will try it out....and post back.

I'll be working on it on the weekend

thx!

 

[terraterm]

hi all

i was able to recover the Admin password, therefore I was able to logon, and use the Bestcrypt software to decrypt the drive.

No blank admin password...I did try that out.

The BARTPE/Jetico plugin, worked, meaning I was able to launch it from the CD, but it couldn't see the drives...didn't try to figure out why, as I now had access to the software itself.

Thx!!

 

[Rabbit01]

Glad to hear it worked out at the end.