NTFS Encryption

neon

I have my docs saved on a separate drive, encrypted. I
reinstalled Win XP and now am unable to access the folder
at all. Does any1 know a way to gain access, as what I've
gathered so far from the KB is that I'm screwed.
Say it ain't so, as they r all my scripts & my last back
up doesn't contain the last 10 days work, recent Outlook &
bookmarks (which I'd backed up to my docs just b4
reinstalling)
 
Marli

Welcome to the world of us people who never back up
certificates (read don't know how to use encryption
safely or properly). I spent the last week and a half in
a similar situation and I've put a lot of effort into
figuring out a way around this problem. Basically, it all
comes down to whether or not you still have any of your
previous installation of XP remaining (really all you
need is your old Documents and Settings folder). For
example if you installed windows over itself, or if you
installed a second copy of XP, this might be the case. If
so, then you may possibly be able to get through this,
check out
http://www.beginningtoseethelight.org/efsrecovery/
(if you can't be bothered doing it manually like they
suggest, check out www.elcomsoft.com/aefsdr.html, they
have a beaut program to do it but the catch is you'll
need to register it, $130 AUD, or it will only do the
first 512 bytes of each file). If you don't have your old
Documents and Settings folder, say if you re-formatted
the hard drive, then besides some very sophisticated (and
expensive) data recovery, you are pretty much screwed.
There isn't any way else around it unless you want to try
and break the encryption yourself (you better start
looking at getting some Cray supercomputers or
something). Of course, (and I'm dreaming a bit now)
perhaps if you didn't do a full format of the hard drive,
only a quick format, the necessary files might still be
there, in which case you might be able to use a program
to recover them, as long as they haven't been overwritten
(a file undelete program like Norton Whatchamacallit
which allows you to search for deleted files or something
might do the trick, check out their website). Also, see
the first site listed above for a very technical look at
how you can piece a security certificate back together
from these old or deleted file fragments (it should also
tell you which files you need to recover). This would be
a very, very long shot though, and you have to build
whole new security certificates in hex, so if you don't
know much about how computers work (hexadecimal, binary
and ASCII mostly) then you won't have much of a chance.
Anyway, I hope you figure something out.
 
Guest

-----Original Message-----
this happen to u because the permission went away u have
to give a owner to the drive again...how go to folders
options in the last line share recommend take off. then
ok . then what this will do is give u a tab window in
your drive call (security) u click there then advance then
give a owner to your drive...
 
NEON

I can now 'see' the files I want to recover using Advanced
EFS Data Recovery but am unable to decrypt them. There is
one file which I can view the encryption details for and
under user it lists me (I assume from my previous
installation) and 'Certificate Thumbprint' "C2C9 B7EF E3B3
79ED 334E 11FB 7983 CE8F 31D9 56B3".
Can I use this info in any way to recover my docs?

Thanks for the advice so far.
 
Neon

I now have access to all the folders by using
"Microsoft Knowledge Base Article - 308421" and am able to
make myself owner, permission holder and all else of each
file but still can't actually open a file.
I'm a long way on from where I was and feel there must be
a way in.
To the guy who said being able to access the files would
defeat the purpose of encryption I'd point out they are my
files so I don't see why my user name and password weren't
somehow used as the key. I would say the purpose of
encryption is to protect your files from others, not
yourself,
and when you 1st encrypt a file a pop-up or something
should explain the nature of certificates (they have
pop-ups for everything else!)
From the 3 days I've had this problem I now see it is a
major problem for many many users and, while not a bug as
such, believe it is a flaw not to warn, explain or
enlighten users of this BEFORE it happens.
Thanks every1 who has helped so far.
Mark.
 
Jupiter Jones [MVP]

The article you referenced simply gives you Ownership of the data, and
does not and is not intended to give you access.

Few would dispute that there should be more of a warning about using
EFS.
However there is more to it than user name and password.
If that is all the protection you need, simply keep the data private:
http://support.microsoft.com/?kbid=307286
With Private data, anyone can gain access simply by gaining physical
control. (stealing the computer)
With EFS, stealing the computer is not enough, the data is still
protected.
The stolen computer has no way of knowing who the owner is, but the
lack of keys will prevent access.

You can not have the ease of recovery with the security of EFS.
EFS is currently unbreakable for all practical purposes.

It does not really matter what you or I think should be, the fact is
without the keys, the data is effectively gone.

You really need to read the links in my other post BEFORE using EFS
again.
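
Added example, not written by any poster in this thread: the certificate thumbprint quoted earlier names the key the encrypted files need, and, as the reply above says, ownership is no substitute for it. The sketch below checks whether that certificate, with its private key, is in the current user's store and can write a password-protected .pfx backup of it. It assumes a Windows version with PowerShell's `Cert:` drive and the `Export-PfxCertificate` cmdlet (newer than the XP systems discussed here); the function name `Test-EfsKeyAvailable` is hypothetical.

```powershell
# Added example. Test-EfsKeyAvailable is a hypothetical helper name.
function Test-EfsKeyAvailable {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $BackupPath   # optional: where to write a .pfx backup
    )

    # "C2C9 B7EF ..." as displayed -> unbroken upper-case hex, as the store reports it.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($wanted.Length -ne 40) {
        throw 'Expected a 40-hex-digit SHA-1 thumbprint.'
    }

    # Personal store of the logged-on user: where an EFS certificate normally lives.
    $cert = Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $wanted } |
        Select-Object -First 1

    $result = [pscustomobject]@{
        Thumbprint    = $wanted
        InStore       = [bool]$cert
        # The certificate alone is only the public half; decryption needs the private key.
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        BackedUpTo    = $null
    }

    # Back up while the key still exists, i.e. before any reinstall.
    # Export fails if the private key was marked non-exportable.
    if ($result.HasPrivateKey -and $BackupPath) {
        $pw = Read-Host -AsSecureString 'Password to protect the .pfx'
        Export-PfxCertificate -Cert $cert -FilePath $BackupPath -Password $pw | Out-Null
        $result.BackedUpTo = $BackupPath
    }
    $result
}

# Thumbprint as quoted in the thread; the backup path is a constructed sample value.
Test-EfsKeyAvailable -Thumbprint 'C2C9 B7EF E3B3 79ED 334E 11FB 7983 CE8F 31D9 56B3' `
    -BackupPath "$env:USERPROFILE\efs-backup.pfx"
```

`InStore = False` or `HasPrivateKey = False` on the new installation is the situation described in this thread: the files name a key that the current profile does not hold.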
 
Torgeir Bakken (MVP)

Neon said:
(snip)
and when you 1st encrypt a file a pop-up or something
should explain the nature of certificates (they have pop-
ups for everything else!)
From the 3 days I've had this problem I now see it is a
major problem for many many users and, while not a bug as
such, believe it is a flaw not to warn, explain or
enlighten users of this BEFORE it happens.

Hi

Yes, I completely agree with you about the warning message, I have
taken this up with Microsoft personnel several times. If we are lucky,
we will get it in the next OS (Longhorn), but I wouldn't hold my breath
if I was you ;-)
 
