More than one encryption key: XP PRO not-networked

Guest

I had earlier encrypted some files on a user account that did not have a
password. I saved the encryption key.

I realized that it was dumb to not have a password on the account so I added
one using my administrative account. Due to the warning about losing
encrypted files, I first unencrypted all of the files before setting the
password. I did not remove the old certificate (I expected it to disappear).

After adding the password, I re-encrypted the files. The next day I could
not access the files. I have two encryption certificates, the most recent
dated as if it applied to the newly encrypted files.

I resolved this matter by restoring the old certificate.

Finally, my question is whether I should remove the most recent certificate.
Will that cause any problems?
 
Guest

The password reset prevented the operating system from decrypting your EFS
key on your next login. The result was that EFS had to generate a new
certificate & key, since the old key was inaccessible, to encrypt the files.


Before removing certificates, you should be certain which is now being used
by EFS. You can determine that by comparing certificate thumbprints on the
files with the thumbprints on the certificates. To check the thumbprint on
the files, open the file properties, click Advanced, and then click Details.
You'll see the certificate thumbprint in the list box at the top of the
"Encryption Details" page. To check the thumbprint on the certificates, run
certmgr.msc, expand the Personal node, and click Certificates. In the right
pane, open each certificate, select the Details tab, and scroll down to
Thumbprint. The certificate with the matching thumbprint is the one that was
used to encrypt the files.

You can also confirm which certificate EFS is using as your current key by
opening the registry to HKCU\Software\Microsoft\Windows
NT\CurrentVersion\EFS\CurrentKeys. The CertificateHash is the thumbprint of
the certificate EFS is using to encrypt files.

I would back up both certificates, just in case there are still files
encrypted with the other certificate, and store the backups on removable
media. Once you have the backups, it should be safe to remove the
certificate that is not your current key or just leave it in your
Certificates store.

Thanks.
Pat
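The thumbprint comparison described in the answer above, automated in PowerShell as an added example (not code posted in the thread). It assumes PowerShell 3 or later, that the EFS key usage is identified by the Enhanced Key Usage OID 1.3.6.1.4.1.311.10.3.4, and that the optional `cipher /c` switch is available (Vista and later, not XP).

```powershell
# Added example: list the EFS certificates in the user's Personal store and
# flag the one EFS is currently using, by comparing each thumbprint with the
# CertificateHash value under HKCU\...\EFS\CurrentKeys (the check from the post).
function Get-EfsKeyStatus {
    param(
        # Optional: a file whose "Encryption Details" you want to see as well.
        [string]$Path
    )

    # Enhanced Key Usage OID assigned to Encrypting File System (assumption).
    $efsOid  = '1.3.6.1.4.1.311.10.3.4'
    $keyPath = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys'

    # CertificateHash is REG_BINARY; render it as the hex string certmgr.msc
    # shows under "Thumbprint" so the two can be compared directly.
    $hashBytes = (Get-ItemProperty -Path $keyPath -Name CertificateHash).CertificateHash
    $currentThumbprint = ($hashBytes | ForEach-Object { $_.ToString('X2') }) -join ''

    # Only certificates whose EKU includes EFS are candidates for file encryption.
    $efsCerts = Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $efsOid }

    foreach ($cert in $efsCerts) {
        [PSCustomObject]@{
            Thumbprint    = $cert.Thumbprint
            NotBefore     = $cert.NotBefore
            HasPrivateKey = $cert.HasPrivateKey   # needed to decrypt; backup is useless without it
            IsCurrentKey  = ($cert.Thumbprint -eq $currentThumbprint)
        }
    }

    if ($Path) {
        # cipher /c prints the users and certificate thumbprints that can decrypt
        # the file, the same information as the file's "Encryption Details" page.
        # Assumption: the /c switch exists on this Windows version (Vista+).
        & cipher.exe /c $Path
    }
}

# Example invocation; the file path is a placeholder.
Get-EfsKeyStatus -Path 'C:\Users\Someone\Documents\secret.txt' | Format-Table -AutoSize
```

A certificate that shows `IsCurrentKey` false but `HasPrivateKey` true should still be backed up before it is removed, since older files may have been encrypted with it.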
 
