Can't access encrypted data after restoring lost
certificates. This is a real disaster--there must be
something simple that I've overlooked. Followed every
instruction set I could find with same results. Any
suggestions?

Do you have a more detailed version of the story for us? What kind of
encryption - EFS? Why did you need to import certificates? What happened
to the old ones? Were they just the certificates (.cer files) or did they
also have private keys (.pfx files)?
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


"bk" <(E-Mail Removed)> wrote in message
news:00cd01c3d4de$169a6030$(E-Mail Removed)...
> Can't access encrypted data after restoring lost
> certificates. This is a real disaster--there must be
> something simple that I've overlooked. Followed every
> instruction set I could find with same results. Any
> suggestions?

I forgot to decrypt before reinstalling XP. I've read and re-read all info I can find on EFS and it appears to me that with a personal certificate, .pfx containing both public and private keys, I should be able to read old data even though the SID with which the data were encrypted no longer exists. Else, how would one be able to USE data on another computer as suggested in XP Inside Out, pp. 496? Perhaps I misinterpret the passages--if they mean access data on the original platform with the original account (SID) then I'm buggered. I thought that if I backed up my certificates I would be able to recover from a mistake like this. I imported the old certificate into my personal store as directed and then every other store just to cover all bases.

Is my old premise right or wrong? Can you recover old data with only a (.pfx) certificate--all old account info gone?

Correct . EFS is orthogonal to ACLs. With the .pfx of the user's EFS cert
and key (EFS side of the story) and the ability to "take ownership" (ACL
side of the story), you would be able to decrypt the files.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


"bk" <(E-Mail Removed)> wrote in message
news:4FC8B634-50F7-41F1-A499-(E-Mail Removed)...
> I forgot to decrypt before reinstalling XP. I've read and re-read all
info I can find on EFS and it appears to me that with a personal
certificate, .pfx containing both public and private keys, I should be able
to read old data even though the SID with which the data were encrypted no
longer exists. Else, how would one be able to USE data on another computer
as suggested in XP Inside Out, pp. 496? Perhaps I misinterpret the
passages--if they mean access data on the original platform with the
original account (SID) then I'm buggered. I thought that if I backed up my
certificates I would be able to recover from a mistake like this. I
imported the old certificate into my personal store as directed and then
every other store just to cover all bases.
>
> Is my old premise right or wrong? Can you recover old data with only a
(.pfx) certificate--all old account info gone?

Appreciate your insights.

>-----Original Message-----
>Correct . EFS is orthogonal to ACLs. With the .pfx of
the user's EFS cert
>and key (EFS side of the story) and the ability to "take
ownership" (ACL
>side of the story), you would be able to decrypt the
files.
>--
>Drew Cooper [MSFT]
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>"bk" <(E-Mail Removed)> wrote in
message
>news:4FC8B634-50F7-41F1-A499-(E-Mail Removed)...
>> I forgot to decrypt before reinstalling XP. I've read
and re-read all
>info I can find on EFS and it appears to me that with a
personal
>certificate, .pfx containing both public and private
keys, I should be able
>to read old data even though the SID with which the data
were encrypted no
>longer exists. Else, how would one be able to USE data
on another computer
>as suggested in XP Inside Out, pp. 496? Perhaps I
misinterpret the
>passages--if they mean access data on the original
platform with the
>original account (SID) then I'm buggered. I thought that
if I backed up my
>certificates I would be able to recover from a mistake
like this. I
>imported the old certificate into my personal store as
directed and then
>every other store just to cover all bases.
>>
>> Is my old premise right or wrong? Can you recover old
data with only a
>(.pfx) certificate--all old account info gone?
>
>
>.
>