EFS-encrypted files recovery

[Reinaldo Kavlac]

A user re-instal windows XP and forgot to backup the EFS
certificate. the Folders on drive D: cannot be decrypted
even using same domain and password. In the Personal
Certificates only Certificate for Encrypt proposes are
available. Have any other way to recovery this files?

 

[barnski]

The only way I can see you can get the data back is if it
was encrypted by a DOMAIN USER account (not a local user on
the system). If this is the case, then there is a second,
domain-wide EFS recovery key that resides on the first
Domain Controller in the domain. That key is usually
assigned to the (original) domain administrator account.

See
http://support.microsoft.com/default.aspx?scid=kb;en-us;255742
for details.

If the data was encrypted by a local user, then sorry, but
it is gone - f you could recover it without the EFS
recovery key, there would be no point in using EFS, as I
could just steal your laptop, reinstall Windows and look at
your data. EFS was designed to stop that being possible (as
I understand it).

Good luck,

Barnski.

 

[Roger Abell]

If your machine was previously not in a domain,
or the account was a local rather than domain account,
then do you have a recent, full backup of the prior
install or of the profile of the account owning the
files ?

 

[Jupiter Jones [MVP]]

Reinaldo;
The data is most likely gone for good.
See this link:
http://www3.telus.net/dandemar/Encrypt.htm