Accessing documents from a corrupted harddrive

[Guest]

I have a HD with a corrupted windows install (blue screen on startup). I
installed the HD in another computer as a slave. I can access the drive and
all files except the ones in the "my documents" folder. "properties" reports
about 25GB in the folder, and using the "share" function, I can access the
subfolders but I can't copy actual files. Is there anything I can do to
access these files? Can I reinstall windows on this drive without
compromising the files?

 

[Rock]

I have a HD with a corrupted windows install (blue screen on startup). I
installed the HD in another computer as a slave. I can access the drive
and
all files except the ones in the "my documents" folder. "properties"
reports
about 25GB in the folder, and using the "share" function, I can access the
subfolders but I can't copy actual files. Is there anything I can do to
access these files? Can I reinstall windows on this drive without
compromising the files?

Are you getting an access denied message? It is likely an issue of
Ownership. From Start | Help and Support search on ownership or see this
link.

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/?id=308421

Note: If it's XP Home, you'll need to start in Safe Mode and login to the
built in Administrator account.

 

[M.I.5¾]

I have a HD with a corrupted windows install (blue screen on startup). I
installed the HD in another computer as a slave. I can access the drive
and
all files except the ones in the "my documents" folder. "properties"
reports
about 25GB in the folder, and using the "share" function, I can access the
subfolders but I can't copy actual files. Is there anything I can do to
access these files? Can I reinstall windows on this drive without
compromising the files?

You need to make sure that the account name on the computer you are using
exactly matches the account name of the account that the My Documents
belongs to.

 

[Patrick Keenan]

I have a HD with a corrupted windows install (blue screen on startup). I
installed the HD in another computer as a slave. I can access the drive
and
all files except the ones in the "my documents" folder. "properties"
reports
about 25GB in the folder, and using the "share" function, I can access the
subfolders but I can't copy actual files. Is there anything I can do to
access these files? Can I reinstall windows on this drive without
compromising the files?

There are two reasons this can happen. One is easy to overcome and applies
to both XP Home and Pro.

The other isn't so easy, but doesn't apply to XP Home. And I am not sure
that I recall anybody asking about it where it turned out to be a happy
story.

The first one can apply to both situations as a two-layer problem.

That easy one is that you simply have to take ownership of the files. In
XP Home, you can only do this in Safe Mode.
http://support.microsoft.com/kb/308421

And for most people, that's all it takes.

The other reason is not so simple, applies only to XP Pro, and involves
encryption and account credentials.

XP Pro (not Home) supports an encrypting file system, with quite effective
encryption. The encryption keys are based on specific information about
the user account.

When you tell XP Pro that you want to use encryption, you need to - *but you
don't have to*, and this is where the danger lies - export the account
credentials or specify a recovery agent. These credentials should be
exported, saved to more than one media (like a floppy or CD), verified, and
stored in a secure place. Only test data should be encrypted prior to
verifying the exported credentials.

If you don't do this, and lots of people don't *because you don't have to*,
when a problem like yours arises, and a reinstall is required or performed,
the user accounts will be altered and the credentials will no longer be
valid. And that means that you will have instantly lost any chance of ever
regaining access to the encrypted data.

Another easy way to permanently lose access to encrypted files is to change
the account password from outside the account - the kind of thing that would
be done for a forgotten password. There, at least, you will get a warning
that there are side effects.

There is no way to decrypt the encrypted data without the importing the
exported credentials, and if that wasn't done the data is effectively gone.
Making accounts with the same name and passwords does not work (it couldn't
be called a security feature if it was that easy to get around).

There is a chance of recovery if you did specify a recovery agent, but that
is even less common for non-corporate users than exporting the certificates.

If you are in this situation, stop now, get another hard disk, and clone
your old disk to the new one. Set the old drive aside for safety. Try to
make the system boot with the new disk, without reinstalling or changing
passwords, and remove the encryption. Only go back to the old drive if you
need to make another copy to work on.

MS did a great job of delivering strong, easy to invoke encryption. They
didn't do quite as good a job at making users actually complete the task, or
making them aware of the consequences of not completing the task.

Hopefully all you have to do is take ownership!

HTH
-pk

 

[Rock]

Nice post, Patrick.
--
Rock [MS-MVP User/Shell]

There are two reasons this can happen. One is easy to overcome and
applies to both XP Home and Pro.

The other isn't so easy, but doesn't apply to XP Home. And I am not
sure that I recall anybody asking about it where it turned out to be a
happy story.

The first one can apply to both situations as a two-layer problem.

That easy one is that you simply have to take ownership of the files. In
XP Home, you can only do this in Safe Mode.
http://support.microsoft.com/kb/308421

And for most people, that's all it takes.

The other reason is not so simple, applies only to XP Pro, and involves
encryption and account credentials.

XP Pro (not Home) supports an encrypting file system, with quite effective
encryption. The encryption keys are based on specific information about
the user account.

When you tell XP Pro that you want to use encryption, you need to - *but
you don't have to*, and this is where the danger lies - export the account
credentials or specify a recovery agent. These credentials should be
exported, saved to more than one media (like a floppy or CD), verified,
and stored in a secure place. Only test data should be encrypted prior
to verifying the exported credentials.

If you don't do this, and lots of people don't *because you don't have
to*, when a problem like yours arises, and a reinstall is required or
performed, the user accounts will be altered and the credentials will no
longer be valid. And that means that you will have instantly lost any
chance of ever regaining access to the encrypted data.

Another easy way to permanently lose access to encrypted files is to
change the account password from outside the account - the kind of thing
that would be done for a forgotten password. There, at least, you will
get a warning that there are side effects.

There is no way to decrypt the encrypted data without the importing the
exported credentials, and if that wasn't done the data is effectively
gone. Making accounts with the same name and passwords does not work (it
couldn't be called a security feature if it was that easy to get around).

There is a chance of recovery if you did specify a recovery agent, but
that is even less common for non-corporate users than exporting the
certificates.

If you are in this situation, stop now, get another hard disk, and clone
your old disk to the new one. Set the old drive aside for safety. Try to
make the system boot with the new disk, without reinstalling or changing
passwords, and remove the encryption. Only go back to the old drive if
you need to make another copy to work on.

MS did a great job of delivering strong, easy to invoke encryption. They
didn't do quite as good a job at making users actually complete the task,
or making them aware of the consequences of not completing the task.

Hopefully all you have to do is take ownership!