How can encrypted files be accessed on a crashed system

[Guest]

Accessing XP encrypted files. I have a XP system that crashed the user reinstalled XP. The users folders were encrypted. I took owner ship of the files and can set the files but they are still encrypted. They show up green and when selected the message is access denied the details say the t the file is in use. Is there any way to break the encryption and open the files

 

[Torgeir Bakken (MVP)]

Accessing XP encrypted files. I have a XP system that crashed the user reinstalled XP. The users folders were encrypted. I took owner ship of the files and can set the files but they are still encrypted. They show up green and when selected the message is access denied the details say the t the file is in use. Is there any way to break the encryption and open the files

Hi

The data can be recovered in some cases even if you didn't export the
encryption certificate:

Here is an extract from
http://www.beginningtoseethelight.org/efsrecovery/

<quote>
if you have following folders and their contents from the orginal install of
2k or xp - you can recover you efs data. knowledge of your password is also
required for this amount of data.

c:\documents and settings\foo\application data\microsoft\crypto\
- private keys

c:\documents and settings\foo\application data\microsoft\protect\
- locks your current password to your private keys

c:\documents and settings\foo\application data\microsoft\systemcertificates\
- public keys (not essential to be the orginal as another valid key can be
madeup)

this data maybe on an unbootable system, a backup, roaming profile or
currently on the system, either in the file system or in the free space.
</quote>

 

[Carey Frisch [MVP]]

Before you encrypt anything important, you should back up your
personal encryption certificate (with its associated private key)
and the recovery agent certificate to a floppy disk and store it in
a secure location. If you ever lose your original certificate
(because of a hard disk failure, for example), you can restore
the backup copy and regain access to your files. If you lose all
copies of your certificate (and no recovery agent certificates exist),
you won't be able to use your encrypted files. No back door exists,
nor is there any practical way to hack these files.
(If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prod
technol/winxppro/deploy/CryptFS.asp

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------------------------------------


| Accessing XP encrypted files. I have a XP system that crashed the user reinstalled XP. The users folders
were encrypted. I took owner ship of the files and can set the files but they are still encrypted. They show
up green and when selected the message is access denied the details say the t the file is in use. Is there any
way to break the encryption and open the files