Moving EFS files to new FPS

I'm doing a migration this weekend and just noticed that some users have EFS protected files. I'm trying to figure out if there EFS filesare going to be toast after the migration. I'm migrating a server running SBS 2008 to three new servers which will be the new DC/Exchange server/File & Print server. The new FPS server will host the EFS docs. When I shut down the SBS server, will that break the cert chain and thus make those EFS docs unaccessible?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Hyper-Me

I would tell everyone to decrypt their files prior to the move.

I'm not sure if EFS certs are stored in 2003 domains by default, I know in 2008 they are and are even recovered when you do a restore on an object.

rsutton

We already sent an email telling users to decrypt their crap. Hopefully they will listen!

RobertKaucher

I would bet that it will. Have you backed up the keys? Is there a recovery agent?

Can you do a P2V on the old server before you decomission it? If you could move it over to a VMware server system before you take it down, I would. Just in case.

rsutton

All our servers are on VMWare so no worries there. I actually found a cool utility called EFSinfo that scans a volume and reports back all encrypted files. In my case it turns out almost all of them were MP3's. There were only two files of any importance.

HeroPsycho

rsutton wrote: »

I actually found a cool utility called EFSinfo that scans a volume and reports back all encrypted files...

Easy PowerShell way...

get-childitem E:\ -recurse | where-object {$_.mode -like "*E*"}

Hyper-Me

rsutton wrote: »

All our servers are on VMWare so no worries there. I actually found a cool utility called EFSinfo that scans a volume and reports back all encrypted files. In my case it turns out almost all of them were MP3's. There were only two files of any importance.

Thats when you just delete them and be on your merry way