ENCRYPTION KEY DISK - LOST DATA

Guest

FACTS: I have "encrypted" two folders (files with Microsoft WORD files, and files with Microsoft ACCESS). I am using Microsoft's Windows XP Professional, and the associated native "encryption" for the NTFS files.

I have a Fujitsu DYNAMO 2300 U2 external drive with 1.3 GB Magneto-Optical disks. I am using STOMP, INC. "backup" software known as "BackUpMyPC" (Veritas software) (version 4.85) (NOTE: My backup includes the "system files" as "selected" on the BackupMyPC software. The aforesaid backup includes my "encrypted" files (Microsoft WORD files and Microsoft ACCESS database files).

I had to format my hard drive, and proceeded to do a "restore" using the BackupMyPC software with the 1.3 GB disk. I inadvertently forgot to make an "encrypted key" disk, so I could install the encryption key (NOTE: I was informed that since I had a backup with the "system files," that it would be possible to restore the files and obtain the encrypted files).
I have been unable to restore the backup and obtain the encrypted files (Microsoft WORD and Microsoft ACCESS files). The machine will not let me restore, and says the files are protected, and I am locked-out of the folders, since they are encrypted. BackupMyPC software technicians could not solve the problem and said the encryption was preventing the access and restore, and that Microsoft was the blame.

END OF FACTS.

Any suggestion and assistance on this matter would be appreciated.

Roy A. Day ([email protected])
 
Carey Frisch [MVP]

Q. "Encryption was preventing the access and restore, and that Microsoft was the blame."

A. On the contrary, if "you" never made a personal encryption certificate, with its associated private key,
who exactly is to blame?

If you failed to make copies of your certificate (and no recovery agent certificates exist),
you won't be able to use your encrypted files. No back door exists, nor is there any practical
way to hack these files. (If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

 
Miha Pihler

Hi,

If you haven't created a backup of your private encryption keys or the private
keys of a recovery agent, your files are gone forever.

If your computer is part of a domain, talk to your domain admin. He might have
a recovery agent set up.

If BackUpMyPC program would use Microsoft backup APIs it would be able to
backup and restore encrypted files, but without your EFS private keys they
would just the same be gone for ever.

Mike

 
Miha Pihler

Carey Frisch said:
Q. "Encryption was preventing the access and restore, and that Microsoft was the blame."

A. On the contrary, if "you" never made a personal encryption
certificate, with its associated private key,
who exactly is to blame?

"Bob" or "Alice" that said that encryption keys are part of System State
backup :)

Mike
 
Torgeir Bakken (MVP)

Hi

If you can restore the user profile folders for the user that
encrypted the files and if you remember the password for the user
that encrypted the data, you might be able to save the files
without paying for a program or support call.

Take a look at this site for more details:

http://www.beginningtoseethelight.org/efsrecovery/


Also note that in addition to the encryption problem, you might
need to take ownership of the files as well:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421
 
Carey Frisch [MVP]

The file encryption key is itself encrypted.
The file encryption key is also protected by the public key.
To decrypt a file, the file encryption key must first be decrypted.
The file encryption key is decrypted when the user has a private
key that matches the public key.
Private keys are securely held in a protected key store, and not
in the Security Accounts Manager (SAM) or in a separate directory.

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

----------------------------------------------------------------------------------------------

"ROY A. DAY" (e-mail address removed) wrote in message:

| Would the "system files," which were backed-up using BackMyPC application, have the encryption key certificate in one of the folders?
|
| Roy A. Day ([email protected])
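
The key hierarchy Carey Frisch describes above (a per-file encryption key sealed under the user's public key), as an added Python example that is not part of the original thread and is not Microsoft's EFS code. Textbook RSA over small Mersenne primes and a SHA-256 keystream are toy stand-ins for the real algorithms, and `fek_check` is a hypothetical field added only so the demo can detect a wrong key.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy: no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def stream_xor(fek, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(fek + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_file(plaintext, public):
    n, e = public
    fek = secrets.token_bytes(16)                # per-file encryption key
    return {
        # The FEK is stored only in wrapped form, sealed under the public key.
        "wrapped_fek": pow(int.from_bytes(fek, "big"), e, n),
        "fek_check": hashlib.sha256(fek).digest(),   # hypothetical demo field
        "body": stream_xor(fek, plaintext),
    }

def decrypt_file(blob, private):
    n, d = private
    m = pow(blob["wrapped_fek"], d, n)           # unwrap with the private key
    fek = m.to_bytes((n.bit_length() + 7) // 8, "big")[-16:]
    if hashlib.sha256(fek).digest() != blob["fek_check"]:
        return None                              # wrong private key: FEK stays sealed
    return stream_xor(fek, blob["body"])

# Constructed demo keys from known Mersenne primes (far too small for real use).
OLD_PUBLIC, OLD_PRIVATE = make_keypair(2**127 - 1, 2**89 - 1)
# A different key pair, standing in for one generated on a fresh install.
NEW_PUBLIC, NEW_PRIVATE = make_keypair(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    blob = encrypt_file(b"constructed sample document", OLD_PUBLIC)
    print(decrypt_file(blob, OLD_PRIVATE))       # original private key
    print(decrypt_file(blob, NEW_PRIVATE))       # key pair that never sealed this FEK
```
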
 
Torgeir Bakken (MVP)

ROY said:
Would the "system files," which were backed-up using BackMyPC
application, have the encryption key certificate in one
of the folders?
Hi

If you can restore the user profile folders for the user that
encrypted the files and if you remember the password for the user
that encrypted the data, you might be able to save the files.

Take a look at this site for more details:

http://www.beginningtoseethelight.org/efsrecovery/


Also note that in addition to the encryption problem, you might
need to take ownership of the files as well:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421
 
Torgeir Bakken (MVP)

ROY said:
Would the "system files," which were backed-up using BackMyPC
application, have the encryption key certificate in one of the
folders? NOTE: I WANT AN ANSWER OF "YES" OR "NO" PERTAINING
TO THE AFORESAID FOLDER. WHAT IS THE FOLDER NAME? WHERE IS
THE FOLDER LOCATED? THESE ARE THE ONLY ANSWERS I NEED AT THE
PRESENT TIME. The decryption I can handle, once I get the
aforesaid information.
Hi

Have you tried to read the information in the link I have presented to you a
couple of times now?

From
http://www.beginningtoseethelight.org/efsrecovery/

<quote>
if you have following folders and their contents from the original
install of 2k or xp - you can recover your efs data. knowledge of
your password is also required for this amount of data.

c:\documents and settings\foo\application data\microsoft\crypto\
- private keys

c:\documents and settings\foo\application data\microsoft\protect\
- locks your current password to your private keys

c:\documents and settings\foo\application data\microsoft\systemcertificates\
- public keys (not essential to be the original as another valid key
can be made up)

this data may be on an unbootable system, a backup, roaming profile
or currently on the system, either in the file system or in the
free space.
</quote>

You need to substitute "foo" above with the profile folder name for
your user on the old OS installation.
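
A check for the three folders quoted above in a profile restored from backup, as an added Python example that is not part of the original thread or of the linked site. It assumes the backup has been restored to an ordinary directory; the function names and the constructed sample tree are hypothetical.

```python
import os
import tempfile

BASE = ("application data", "microsoft")
# Folder names come from the quoted efsrecovery text; the labels paraphrase it.
REQUIRED = {"crypto": "private keys",
            "protect": "locks the account password to the private keys"}
OPTIONAL = {"systemcertificates": "public keys (replaceable per the quoted text)"}

def find_ci(base, parts):
    """Resolve nested folder names under base, ignoring case; None if absent."""
    path = base
    for want in parts:
        try:
            names = os.listdir(path)
        except OSError:      # missing folder, or a file where a folder should be
            return None
        match = next((n for n in names if n.lower() == want), None)
        if match is None:
            return None
        path = os.path.join(path, match)
    return path if os.path.isdir(path) else None

def check_profile(profile_dir):
    """Report which EFS key-material folders a restored profile contains."""
    report = {}
    for name in list(REQUIRED) + list(OPTIONAL):
        path = find_ci(profile_dir, BASE + (name,))
        files = sum(len(f) for _, _, f in os.walk(path)) if path else 0
        report[name] = {"path": path, "files": files}
    # An empty folder is as useless as a missing one, so require actual files.
    report["candidate"] = all(report[n]["files"] > 0 for n in REQUIRED)
    return report

def make_constructed_profile(root, folders):
    """Build a constructed sample profile tree with one dummy file per folder."""
    for name in folders:
        d = os.path.join(root, "Application Data", "Microsoft", name)
        os.makedirs(d)
        with open(os.path.join(d, "dummy.bin"), "wb") as fh:
            fh.write(b"constructed sample")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_profile(tmp, ["Crypto", "Protect", "SystemCertificates"])
        for key, value in check_profile(tmp).items():
            print(key, value)
```

A `candidate` result of `True` only means the folders the quoted text lists are present and non-empty; the account password is still required, as the quote states.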
 
Guest

Yes, I am working on your information, including the Web sites. Your information was what I was requesting (folder names, and locations, etc.). This gets me going in the right direction. Thanks.

Roy A. Day ([email protected])
 
