Windows Internals

How to recover data from a deleted, BitLocker enabled partition? – 2017 Edition

Posted by on Jan 7, 2017 in BitLocker, Featured | 0 comments

In mid-2013 I wrote a post about recovering a deleted, BitLocker-enabled partition using Windows Server 2012. Back then the state-of-the-art encryption method was AES 128. Now that we have Windows 10 and XTS-AES 256 encryption, some people seem to have problems running through the steps of the old article. That's why I decided to spend some time trying this on a modern OS with modern encryption. So this time, to save me some time, I used a 5GB VHD file lying on a bunch of SSDs. In real life the whole process may take several hours to several days, depending on your machine, the size and...

How to purge Kerberos tickets of the system account

Posted by on Mar 30, 2016 in Active Directory, Environment | 0 comments

… or: How to update group membership information of the computer account. When updating Active Directory group membership of your users you usually ask them to log off and log on again. You don't tell them why, you just tell them to do so. What happens? When logging on again, the group membership information of a user (within their Kerberos tickets) gets updated and they can access the resources they have access to. You can check which tickets a user has by using the klist command: But how about the system / computer account? You can't log off and log on the system account. You...

Ambiguous Name Resolution (ANR) for LDAP

Posted by on Dec 7, 2013 in Active Directory | 0 comments

What is ANR? Ambiguous Name Resolution (ANR) is an efficient search algorithm associated with Lightweight Directory Access Protocol (LDAP) clients that allows for objects to be bound without complex search filters. ANR is useful when you are locating objects and attributes that may or may not be known by the client. A common use for ANR, for example, is in a situation in which a building name is known by the requesting client, but not the associated number. In this case, the physicalDeliveryOfficeName attribute may have a value of “Building 40” and a client might search for...

How to get some information on Bitlocker using Visual Basic and WMI?

Posted by on Nov 29, 2013 in BitLocker, VB, WMI | 0 comments

I have been asked on my post about How to get some information on Bitlocker using VBScript and WMI? if I could provide a solution using Visual Basic. Here it is:

    Imports System.Management 'Need to add System.Management reference to solution

    Module Module1
        Sub Main()
            Dim arEncryptionMethod = {"None", "AES 128 With Diffuser", "AES 256 With Diffuser", "AES 128", "AES 256"}
            Dim arProtectionStatus = {"Protection Off", "Protection On", "Protection Unknown"}
            Dim arConversionStatus = {"Fully Decrypted",...

How to recover data from a deleted, BitLocker enabled partition?

Posted by on Jul 25, 2013 in BitLocker, Featured | 22 comments

Since I ran across this problem some time ago and I couldn't find any good information about the topic, I decided to write this how-to. We'll start with a 20GB partition on one of my drives. I moved some data there, about 450MB, just so we have actual data on it. You can see information from Disk Management MMC and the folder structure in the next 2 screenshots: The next screenshot shows the BitLocker status for that partition. Please take note of the 48 digit recovery key separated by dashes into 6 groups – you'll need that one later. In enterprise environments...

“No such object” when configuring TPM on Windows Server 2012 or Windows 8

Posted by on Feb 13, 2013 in Active Directory, BitLocker, Group Policies | 0 comments

Scenario: You have a Windows Server 2012 or Windows 8 computer with TPM and you store your Bitlocker recovery and TPM owner information in Active Directory. When trying to configure the TPM hardware by using tpm.msc you get this error: Turn on the TPM security hardware This computer may require you to change the state of the Trusted Platform Module (TPM) manually. To perform this action, try turning on the TPM through the BIOS or performing a firmware update. Consult the computer manufacture’s documentation for instructions. There is no such object on the server. Error code: 0x80072030...
