I recently had a major system crash, requiring a new operating system
install. I was able to save many of my data files, though I lost all windows
system files and MS applications.

I had encrypted a personal directory, and I see that it managed to be saved,
as it is in the 'USERDATA' file that was created. However it will not allow
me to open it, move it, delete it, or view its content. When I rebuilt my
Windows profile I used the same username and password info, but it still will
not open.

There is no prompt for a password as it was accessible only to my logon
profile with no other security, so only I could view or open it when logged
on.

How can I decrypt this folder?

Thanks

Doug

Hi,
If you talking about EFS encryption, then to decrypt file(s) you need
certificate used to encypt files berofe system crash. Without previous
cerificate your file(s) is/are lost.

Some about EFS
http://www.microsoft.com/technet/pro.../dataprot.mspx

Marcin Domaslawski

U¿ytkownik "Doug" <Doug (E-Mail Removed)> napisa³ w wiadomo¶ci
news:AE94F594-07B9-488E-A9ED-(E-Mail Removed)...
>I recently had a major system crash, requiring a new operating system
> install. I was able to save many of my data files, though I lost all
> windows
> system files and MS applications.
>
> I had encrypted a personal directory, and I see that it managed to be
> saved,
> as it is in the 'USERDATA' file that was created. However it will not
> allow
> me to open it, move it, delete it, or view its content. When I rebuilt my
> Windows profile I used the same username and password info, but it still
> will
> not open.
>
> There is no prompt for a password as it was accessible only to my logon
> profile with no other security, so only I could view or open it when
> logged
> on.
>
> How can I decrypt this folder?
>
> Thanks
>
> Doug

Hi... Thanks for the quick response. I am not proficient enough in MS to know
what 'EFS' is, but what I had done originally is just gave myself the only
security permissions to access the folder, so that only my logon could see or
access it.
All the child folders and files were protected by default.

Since my original post, I have been able to regain ownership and access
permissions to the folder, and can now see all the files, however when I try
to open any of them, whether .doc, .jpg, avi, pdf, etc, I get the same
response, "you do not have permission..." yet when I check the permissions, I
am the owner! I can now move, delete or copy the files, but cannot OPEN them!

If it's any help, the folders and files that are protected or inaccessible
to open, are in GREEN text, vice BLACK for all others.

Thanks

Doug


"Marcin Domaslawski" wrote:

> Hi,
> If you talking about EFS encryption, then to decrypt file(s) you need
> certificate used to encypt files berofe system crash. Without previous
> cerificate your file(s) is/are lost.
>
> Some about EFS
> http://www.microsoft.com/technet/pro.../dataprot.mspx
>
> Marcin Domaslawski
>
> U¿ytkownik "Doug" <Doug (E-Mail Removed)> napisa³ w wiadomo¶ci
> news:AE94F594-07B9-488E-A9ED-(E-Mail Removed)...
> >I recently had a major system crash, requiring a new operating system
> > install. I was able to save many of my data files, though I lost all
> > windows
> > system files and MS applications.
> >
> > I had encrypted a personal directory, and I see that it managed to be
> > saved,
> > as it is in the 'USERDATA' file that was created. However it will not
> > allow
> > me to open it, move it, delete it, or view its content. When I rebuilt my
> > Windows profile I used the same username and password info, but it still
> > will
> > not open.
> >
> > There is no prompt for a password as it was accessible only to my logon
> > profile with no other security, so only I could view or open it when
> > logged
> > on.
> >
> > How can I decrypt this folder?
> >
> > Thanks
> >
> > Doug
>
>
>

Doug N wrote:
> Hi... Thanks for the quick response. I am not proficient enough in MS
> to know what 'EFS' is, but what I had done originally is just gave
> myself the only security permissions to access the folder, so that
> only my logon could see or access it.
> All the child folders and files were protected by default.
>
> Since my original post, I have been able to regain ownership and
> access permissions to the folder, and can now see all the files,
> however when I try to open any of them, whether .doc, .jpg, avi, pdf,
> etc, I get the same response, "you do not have permission..." yet
> when I check the permissions, I am the owner! I can now move, delete
> or copy the files, but cannot OPEN them!
>
> If it's any help, the folders and files that are protected or
> inaccessible to open, are in GREEN text, vice BLACK for all others.
>
> Thanks
>
> Doug
>
>
> "Marcin Domaslawski" wrote:
>
>> Hi,
>> If you talking about EFS encryption, then to decrypt file(s) you need
>> certificate used to encypt files berofe system crash. Without
>> previous cerificate your file(s) is/are lost.
>>
>> Some about EFS
>> http://www.microsoft.com/technet/pro.../dataprot.mspx
>>
>> Marcin Domaslawski
>>
>> U¿ytkownik "Doug" <Doug (E-Mail Removed)> napisa³ w
>> wiadomo¶ci news:AE94F594-07B9-488E-A9ED-(E-Mail Removed)...
>>> I recently had a major system crash, requiring a new operating
>>> system install. I was able to save many of my data files, though I
>>> lost all windows
>>> system files and MS applications.
>>>
>>> I had encrypted a personal directory, and I see that it managed to
>>> be saved,
>>> as it is in the 'USERDATA' file that was created. However it will
>>> not allow
>>> me to open it, move it, delete it, or view its content. When I
>>> rebuilt my Windows profile I used the same username and password
>>> info, but it still will
>>> not open.
>>>
>>> There is no prompt for a password as it was accessible only to my
>>> logon profile with no other security, so only I could view or open
>>> it when logged
>>> on.
>>>
>>> How can I decrypt this folder?
>>>
>>> Thanks
>>>
>>> Doug

The green indicates they are encrypted with XP's rather excellent encryption
system. Since you reinstalled XP, it is now as though they were "stolen"
and put on a different computer. As you can see, the thief would not be
able to crack them without some pretty expensive work.
Unfortunately, neither can you now, without the certificates. That's a
disk you make, so that if you move or reinstall, you'll be able to gain
access to your files again. It's partly MS's fault for not making it
clearer you had to do that, and partly your fault for not reading the
appropriate Help sections about it beforehand.
I'm afraid the files are gone; unless you have an old image of the drive
you can restore long enough to get the protection turned off, and then
reinstall again. I say image because you'll have to restore the entire
operating system from an image for it to work. No image, not gonna work.
The encryption is doing its job.

HTH
Pop`

"Poprivet" wrote:

> The green indicates they are encrypted with XP's rather excellent encryption
> system. Since you reinstalled XP, it is now as though they were "stolen"
> and put on a different computer. As you can see, the thief would not be
> able to crack them without some pretty expensive work.

And 'expensive work' means? Is this similar to WoedPerfect password
encryption? I have files on floppy I have been trying to retreive since 1991!!

> Unfortunately, neither can you now, without the certificates. That's a
> disk you make, so that if you move or reinstall, you'll be able to gain
> access to your files again. It's partly MS's fault for not making it
> clearer you had to do that, and partly your fault for not reading the
> appropriate Help sections about it beforehand.

Shame on me!! :-/

> I'm afraid the files are gone; unless you have an old image of the drive
> you can restore long enough to get the protection turned off, and then
> reinstall again. I say image because you'll have to restore the entire
> operating system from an image for it to work. No image, not gonna work.
> The encryption is doing its job.

No, we had to purchase a new OS entirely. Not even the same version

Oh well, as long as I can delete them (which is odd as I can't retrieve them
or even burn them to CD!).

Thanks for the input, I will stop spending energy on them!

DN
>
> HTH
> Pop`
>
>
>

Doug N wrote:
> "Poprivet" wrote:
>
>> The green indicates they are encrypted with XP's rather excellent
>> encryption system. Since you reinstalled XP, it is now as though
>> they were "stolen" and put on a different computer. As you can
>> see, the thief would not be able to crack them without some pretty
>> expensive work.
>
> And 'expensive work' means? Is this similar to WoedPerfect password
> encryption? I have files on floppy I have been trying to retreive
> since 1991!!

Sorry; expensive means that there ARE businesses that can eventually crack
the certificates or otherwise find ways to get at the data and give you back
the data, but "expensive" means in the hundreds of dollars and upwards of
thousands depending. I've no idea what their processes might be; way beyond
me, I'm sure. They would be similar to the companies that get data off
trashed hard drives but more expensive.

1991 Floppies are almost certainly drink coasters by now.
I don't know anything about WordPerfect's encryption, but I think I'd search
on that one with Google to see what might be available. I'd say there is a
possibility of retrieving some of those, BUT, depending on their age, the
disks might be completely unusable by now anyway.
Floppies do not persist very long; the magnetic media on floppies begins
to degrade almost instantly and a floppy over a year old is very "iffy" as
to whether it contains any retrievable data or not. If those floppies are
1991 vintage, about all they're good for now is going to be drink coasters,
I'm afraid, unless they've been refreshed periodically. I'm afraid they're
a lost cause. When floppies were used for backups most companies had a
"refresh" strategy where the disks were read from and all data written back
to, them every 6 months. Secure files might have been refreshed on say, a
monthly basis.

>
>> Unfortunately, neither can you now, without the certificates.
>> That's a disk you make, so that if you move or reinstall, you'll be
>> able to gain access to your files again. It's partly MS's fault for
>> not making it clearer you had to do that, and partly your fault for
>> not reading the appropriate Help sections about it beforehand.
>
> Shame on me!! :-/

Call it a lesson in encryption. Always make sure to create the encryption
recovery disks.

>
>> I'm afraid the files are gone; unless you have an old image of the
>> drive you can restore long enough to get the protection turned off,
>> and then reinstall again. I say image because you'll have to
>> restore the entire operating system from an image for it to work.
>> No image, not gonna work. The encryption is doing its job.
>
> No, we had to purchase a new OS entirely. Not even the same version
>
> Oh well, as long as I can delete them (which is odd as I can't
> retrieve them or even burn them to CD!).

You -might- be able to copy them if you can "take posession" of the
administrative rights to them. It won't solve encryption, but you might be
able to save them to another location if you wanted. I don't know of any
reason to do that though, to be honest, unless you're going to put a
24/7/365 cracker on it for the next few years <g>.

>
> Thanks for the input, I will stop spending energy on them!

I think I would do that. FWIW, your issues are a pretty common problem for
a LOT of inexperienced people so you're not alone in this one.

Regards,

Pop`

>
> DN
>>
>> HTH
>> Pop`

Doug, if there's any chance that you still have the old "user profile" stored
on that computer, there's a chance you can get back access to the keys that
were used to encrypt (secure) those "green" files in your previous install of
Windows.

Check under C:\Documents and Settings\ (or whereever your user profiles are
stored) for any other folders that would have the name you used to use to
login.

If there's a folder there with your old logon name, that has a date
somewhere around the time of the crash, then that's your old "user profile".
Get a copy of that immediately - on CD, on a second hard drive or even a USB
stick if you have one.

Now, there's some tool$ that allow you to dig out your keys from the old
profile directory (knowing your old password, of course) - that's quick &
dirty, but co$t$ money. If you'd like a free but manual approach, try
something like this:
http://windowsxp.mvps.org/userpath.htm
http://www.experts-exchange.com/OS/M..._21788884.html

If you can login and have Windows use your old profile, and you're logging
in with the same password as before, then try accessing your encrypted files.
You might be able to decrypt them there, then swap your user profiles back,
and you'll be in the clear.

Good luck,
--
Mike Smith-Lonergan
Independent Security Consultant
http://paranoidmike.blogspot.com


"Poprivet" wrote:

> Doug N wrote:
> > "Poprivet" wrote:
> >
> >> The green indicates they are encrypted with XP's rather excellent
> >> encryption system. Since you reinstalled XP, it is now as though
> >> they were "stolen" and put on a different computer. As you can
> >> see, the thief would not be able to crack them without some pretty
> >> expensive work.
> >
> > And 'expensive work' means? Is this similar to WoedPerfect password
> > encryption? I have files on floppy I have been trying to retreive
> > since 1991!!
>
> Sorry; expensive means that there ARE businesses that can eventually crack
> the certificates or otherwise find ways to get at the data and give you back
> the data, but "expensive" means in the hundreds of dollars and upwards of
> thousands depending. I've no idea what their processes might be; way beyond
> me, I'm sure. They would be similar to the companies that get data off
> trashed hard drives but more expensive.
>
> 1991 Floppies are almost certainly drink coasters by now.
> I don't know anything about WordPerfect's encryption, but I think I'd search
> on that one with Google to see what might be available. I'd say there is a
> possibility of retrieving some of those, BUT, depending on their age, the
> disks might be completely unusable by now anyway.
> Floppies do not persist very long; the magnetic media on floppies begins
> to degrade almost instantly and a floppy over a year old is very "iffy" as
> to whether it contains any retrievable data or not. If those floppies are
> 1991 vintage, about all they're good for now is going to be drink coasters,
> I'm afraid, unless they've been refreshed periodically. I'm afraid they're
> a lost cause. When floppies were used for backups most companies had a
> "refresh" strategy where the disks were read from and all data written back
> to, them every 6 months. Secure files might have been refreshed on say, a
> monthly basis.
>
> >
> >> Unfortunately, neither can you now, without the certificates.
> >> That's a disk you make, so that if you move or reinstall, you'll be
> >> able to gain access to your files again. It's partly MS's fault for
> >> not making it clearer you had to do that, and partly your fault for
> >> not reading the appropriate Help sections about it beforehand.
> >
> > Shame on me!! :-/
>
> Call it a lesson in encryption. Always make sure to create the encryption
> recovery disks.
>
> >
> >> I'm afraid the files are gone; unless you have an old image of the
> >> drive you can restore long enough to get the protection turned off,
> >> and then reinstall again. I say image because you'll have to
> >> restore the entire operating system from an image for it to work.
> >> No image, not gonna work. The encryption is doing its job.
> >
> > No, we had to purchase a new OS entirely. Not even the same version
> >
> > Oh well, as long as I can delete them (which is odd as I can't
> > retrieve them or even burn them to CD!).
>
> You -might- be able to copy them if you can "take posession" of the
> administrative rights to them. It won't solve encryption, but you might be
> able to save them to another location if you wanted. I don't know of any
> reason to do that though, to be honest, unless you're going to put a
> 24/7/365 cracker on it for the next few years <g>.
>
> >
> > Thanks for the input, I will stop spending energy on them!
>
> I think I would do that. FWIW, your issues are a pretty common problem for
> a LOT of inexperienced people so you're not alone in this one.
>
> Regards,
>
> Pop`
>
> >
> > DN
> >>
> >> HTH
> >> Pop`
>
>
>
>