Lost all public key's, and need to access encrypted files. Need Help!

[Kheltys]

I lost both the Admin, and user public keys on my local
machine. There is A LOT of encrypted data I need access
too. I lost the certificates/keys when another user force
changed the passwords on all the accounts, including the
admin account. The EFS keys were deleted cause of that I
think, and now NO ONE can un-encrypt the data. Can
anyone help me out and tell me how to recover these files
even though I do not have the origional key?

Thanks much
- Kheltys

 

[Carey Frisch [MVP]]

See if the following articles help in any way:

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prod
technol/winxppro/deploy/CryptFS.asp

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741


--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------


| I lost both the Admin, and user public keys on my local
| machine. There is A LOT of encrypted data I need access
| too. I lost the certificates/keys when another user force
| changed the passwords on all the accounts, including the
| admin account. The EFS keys were deleted cause of that I
| think, and now NO ONE can un-encrypt the data. Can
| anyone help me out and tell me how to recover these files
| even though I do not have the origional key?
|
| Thanks much
| - Kheltys

 

[twobricks]

Download this (trial) commercial program, see if it can decrypt your files,
then buy it to actually decrypt them (if your files are worth the cost).

http://www.crackpassword.com/products/prs/otherms/efs/
(Despite the 'iffy' sounding name, this is a genuine commercial site)

Worked for me on over 1gb/1200 files.

 

[Jupiter Jones [MVP]]

Probably not, take a look here though:
http://www3.telus.net/dandemar/Encrypt.htm

 

[Jupiter Jones [MVP]]

If this worked for you, you had the keys.
The OP states "I lost the certificates/keys..."
The keys are essential to data recovery as you would know if you used
the product or at least read a little about it.

 

[Drew Cooper [MSFT]]

OP also said "The EFS keys were deleted cause of that I think" about
password reset. That's not how it works. A password reset orphans keys
protected by DPAPI. Changing the password back to its previous value lets
the user unlock the keys again.

The 3rd party tools will work in this case.

So would freeware to set password to their previous values.

 

[Jupiter Jones [MVP]]

Drew;
Somehow I missed the connection in the OPs statement about reset
password and keys deleted.
So these tools may work in this case if the keys are there.
But that is why I gave the link in my post so the OP could determine
if it was possible for himself based on actual circumstances and not
based on what was perceived.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://www3.telus.net/dandemar/

OP also said "The EFS keys were deleted cause of that I think" about
password reset. That's not how it works. A password reset orphans keys
protected by DPAPI. Changing the password back to its previous value lets
the user unlock the keys again.

The 3rd party tools will work in this case.

So would freeware to set password to their previous values.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

If this worked for you, you had the keys.
The OP states "I lost the certificates/keys..."
The keys are essential to data recovery as you would know if you used
the product or at least read a little about it.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://www3.telus.net/dandemar/


your
files, the
cost).

 

[Drew Cooper [MSFT]]

I'm not doubting your psychic abilities any more than my own. ;-)
You're a frequent contributor to these newsgroups and I value what you add.
I'm sorry if my post seemed harsh - I didn't mean any offense.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

Drew;
Somehow I missed the connection in the OPs statement about reset
password and keys deleted.
So these tools may work in this case if the keys are there.
But that is why I gave the link in my post so the OP could determine
if it was possible for himself based on actual circumstances and not
based on what was perceived.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://www3.telus.net/dandemar/

OP also said "The EFS keys were deleted cause of that I think" about
password reset. That's not how it works. A password reset orphans keys
protected by DPAPI. Changing the password back to its previous value lets
the user unlock the keys again.

The 3rd party tools will work in this case.

So would freeware to set password to their previous values.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

If this worked for you, you had the keys.
The OP states "I lost the certificates/keys..."
The keys are essential to data recovery as you would know if you used
the product or at least read a little about it.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://www3.telus.net/dandemar/


Download this (trial) commercial program, see if it can decrypt your
files,
then buy it to actually decrypt them (if your files are worth the
cost).

http://www.crackpassword.com/products/prs/otherms/efs/
(Despite the 'iffy' sounding name, this is a genuine commercial
site)

Worked for me on over 1gb/1200 files.

 

[Jupiter Jones [MVP]]

Not a problem Drew.
I took it in the spirit you intended.

This can be a touchy issue since some people use EFS without
considering possible consequences with a common result of permanently
lost important data.
Of course technology marches on and someday it may be broken...with it
encryption.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://www3.telus.net/dandemar/

I'm not doubting your psychic abilities any more than my own. ;-)
You're a frequent contributor to these newsgroups and I value what you add.
I'm sorry if my post seemed harsh - I didn't mean any offense.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

Drew;
Somehow I missed the connection in the OPs statement about reset
password and keys deleted.
So these tools may work in this case if the keys are there.
But that is why I gave the link in my post so the OP could determine
if it was possible for himself based on actual circumstances and not
based on what was perceived.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://www3.telus.net/dandemar/


orphans
keys no
rights. you
used decrypt
your worth
the

 

[Guest]

To Carey Frisch (MVP)

Your reference to take ownership of files .. article 308421...was a blessing. Due to MS non-destructive Recovery, all my protected data appeared to have been wiped out... in fact it was just hidden, inaccessable, and folder was supposedly empty. Following the simple instructions I got it all back....but I had to copy it... I never could get the permissions right to access it directly.