Win XP Pro Encryption

[Guest]

Hi all,
My machine (AMD 64 3000+, ASUS K8V SE Deluxe M/B, 1.5gb DDR 3200 mem, ATI
Radeon 9600 and 2 Maxtor HDs 160 SATA & 80 ATA133) was starting to slow down
quite a bit and I finally decide to get rid off all the accumulated rubbish
and do a complete reinstall of Win XP pro.

The problem is that after reinstalling XP Pro/SP2 (not a repair) and
reinstalled the programs that I needed I found that I was unable to access my
DATA folder which I had encrypted for security reasons.

Can anybody let me know why this has happened? The Win XP Pro/SP2 my
settings and the other programs are all the same as before so why can't I
access my files?

Help is wanted URGENTLY,
Thanks for your help
Regards
Gerryw

 

[Carey Frisch [MVP]]

If you failed to make copies of your certificate (and no recovery agent certificates exist),
you won't be able to use your encrypted files. No back door exists, nor is there any practical
way to hack these files. (If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741


--
Carey Frisch
Microsoft MVP
Windows Shell/User

----------------------------------------------------------------------------------------------------

:

| Hi all,
| My machine (AMD 64 3000+, ASUS K8V SE Deluxe M/B, 1.5gb DDR 3200 mem, ATI
| Radeon 9600 and 2 Maxtor HDs 160 SATA & 80 ATA133) was starting to slow down
| quite a bit and I finally decide to get rid off all the accumulated rubbish
| and do a complete reinstall of Win XP pro.
|
| The problem is that after reinstalling XP Pro/SP2 (not a repair) and
| reinstalled the programs that I needed I found that I was unable to access my
| DATA folder which I had encrypted for security reasons.
|
| Can anybody let me know why this has happened? The Win XP Pro/SP2 my
| settings and the other programs are all the same as before so why can't I
| access my files?
|
| Help is wanted URGENTLY,
| Thanks for your help
| Regards
| Gerryw

 

[Guest]

i found a way to recover encrypted files without having backup of
certificate. but this is a complexed method and can not be told here.

i m happy to recover my files back. and method is very easy. i can't believe
that how come noone found out this method. maybe noone wants to share info
with others... i can tell you by e-mail if u care.

 

[Steven L Umbach]

Why can't it be told here? I would be interested to see the details if you
could post here in the newsgroup. You don't necessarily need the EFS private
key from a backup but access to an EFS private key that can decrypt the FEK
for the file is a must. --- Steve

 

[Guest]

i gave my 4 days to find the solution. i did not decrypt anything. all i can
say for now is try to boot ur pc with a live linux cd and look for
possibilities thats sooo easy.

 

[Malke]

i gave my 4 days to find the solution. i did not decrypt anything. all
i can say for now is try to boot ur pc with a live linux cd and look
for possibilities thats sooo easy.

If you think this is true you don't know anything about encryption,
Windows, or Linux.

*plonk*

Malke

 

[Guest]

ha-ha!

i know that i encrypted my folder, then i formatted my computer and couldn't
access to my folder. (message: [foldername] not accessible)

and then i accessed to my folder and files by using linux. if u don't wanna
learn how to do it, just don't reply.

coz i m just tryin to help people who lost their files.

 

[Steven L Umbach]

Well your post is misleading as now you say you did not decrypt the files
which is the only possible way to access files encrypted with EFS. Possibly
you had a problem with file permissions and was able to work around that
with an alternate operating system rather that using native Windows
methods. --- Steve

 

[Colin Nash [MVP]]

ha-ha!

i know that i encrypted my folder, then i formatted my computer and
couldn't
access to my folder. (message: [foldername] not accessible)

and then i accessed to my folder and files by using linux. if u don't
wanna
learn how to do it, just don't reply.

coz i m just tryin to help people who lost their files.

Congrats, you should apply for a job at Microsoft or the NSA.

Seriously though, it sounds like the problem was with NTFS permissions not
encryption.

 

[Guest]

Hi to all who posted a reply to my problem. I thank you very much.

As you all know, I could not get round the encryption problem but finally
found a solution by purchasing and using a small program that lets you
retrieve lost files from hds that have been reformatted, corrupted etc but
have not had any new data written to it.

I successfully retrieved all the files from the hd using this program.

Anybody wanting to know about this program please contact me (as I'm not
sure that I can give out the name of this software online)?

Regards, Gerryw.

 

[Steven L Umbach]

You can certainly give out the name of any legitimate software that you
found helpful and even provide a link for it. Congrats on recovering your
files. Depending on how EFS was implemented and the application that created
the files there may be clear text copies that can be recovered. That is why
Microsoft does not suggest encrypting individual files and using cipher /w
before logging off . --- Steve

 

[Guest]

I hope I can get an answer on this old post. I get errors when trying to
start a new post.

I just installed XP on a new HD. I restored my data from DVDs. It still
had the EFS on it. I have the key on another computer (that I had originally
exported/imported to that computer) so I exported/imported it to the computer
with the new HD. I get an access denied message which means the key is wrong.

1) Did I need the key in when I restored the files?

2) When I first installed XP was there a key automatically made that I
needed? When I did the import, I don't know if there was already a key
there. If so, it's not there now (I may have deleted it).

3) Do I need to use a Windows login password to make the key work. I had a
Windows login password on the old HD and on the 2nd computer.

4) When I export the key from the 2nd computer, do I need the "original"
password I used when I imported it last year?

Thanks for any help you can give. I thought I did everything right, but it
won't work.

Mei2Qiang2
PS, I tried the efsinfo.exe command, but it says I'm denied.

============

 

[Guest]

Ok, I got the efsinfo to work and I get this:
Users who can decrypt:
Unknown <my name<my name@DELL8600>>
Certificate thumbprint: ######
No recovery agent is found

I actually have three keys in the computer. Only one of them is my
name@DELL8600. The other two are @SOLO. None of the thumbprints match.

Is it possible that there is another key and that all of these files are
encrypted on that key? Yet, that doesn't make sense as most of these files
were all originally encypted on the SOLO and moved to the DEll. I'll try
restoring some of them to the SOLO and see what happens.

I'd still appreciate any answers to my previous questions.

=============================

 

[Guest]

moved to "Encrypted Files from a formatted drive" 10/31/2006

 

[Guest]

Gerryw,

If you do remmember the name of the program that recovers encrypted files or
have a link to it I would appreciate it.

Also, if there is a way of recovering the key via the registry that also
would work form me.

Any help would be appreciated.

Thanks
Robi

 

[Guest]

Hi Robi,

I don't know if this is what Gerryw used, but it might help.
http://www.elcomsoft.com/aefsdr.html

================================

 

[Guest]

Thanks. I tried it but no luck.

I have a full system backup. Is there any way to recover the key from the
registry or other windows SAM files.

Thanks
Robi

 

[Guest]

Sorry Robi. That's all I can offer unless you can boot from the HD. If you
can, then boot and export the key.

Info about exporting (also good info in Windows Help)
http://support.microsoft.com/default.aspx?scid=kb;en-us;241201&sd=tech

An Overview of the Encrypting File System
http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx

Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

PS, I just sent my HD to a data recovery company, but I'm not sure they know
much about Windows EFS.

=======================