EFS File Decryption Puzzler

Paul Jenkins

Here's the scenario:

I logged on to my old laptop using my domain logon and backed up all files.
The laptop was running W2K SP4. I backed the files up to my desktop PC on our
corporate network using Windows Backup. I reformatted the old laptop. I
restored all of the files from the laptop's My Documents to a \RESTORE
folder on the desktop PC where they were backed up to. One folder, called
\personal, was encrypted on the old laptop using EFS, and it restored to the
desktop PC as an encrypted folder. So far, so good. However, when I try to
open any of the files, when logged on to the desktop PC as the same domain user
that encrypted the folder in the first place, I get an access denied
message. When I try to unencrypt any of the files I get "an error occurred
when applying attributes to the file" and an "access denied" error message.
EFSINFO confirms that my domain user account was used to encrypt the
original files, but yet that user cannot unencrypt the file! Very bizarre,
yes? Does anyone have any ideas as to how I can recover the files? I don't
have the private key from the original laptop because I didn't back that up,
and I can't use the administrator account from that laptop either because
the laptop has been reformatted. Any assistance would be appreciated.

PJ
 
Drew Cooper [MSFT]

It was a domain machine. Chances are pretty good that the default domain
policy still had the default EFS recovery policy in place. If so, the
domain administrator should be able to decrypt your files. The recovery
cert/private key were created on the 1st DC in the domain. If they haven't
been exported, they're still in the administrator's profile on that machine.
The admin should be able to log on there and either restore (using ntbackup)
your files to that machine -or- export the certificate and private key then
import them on your machine and decrypt -or- put the recovery cert/key on
some other machine and restore, decrypt there.

Neither Microsoft PSS nor a 3rd party app can decrypt the files without the
private key of a user or recovery agent on the file.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


Austin M. Horst said:
If so, the "Recovery Agent" will contain the required public key for
decryption since you did not save the private key "Certificate".
Other options:
http://www.beginningtoseethelight.org/efsrecovery/

If encryption was easy to break or bypass, what would be the point of encryption?

Read Microsoft's "Step-by-Step Guide to the Encrypting File System (EFS)"
before encrypting any more files.
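
Drew Cooper's point above, that a file can only be decrypted with the private key of a user or recovery agent listed on it, can be checked directly. The script below is an added example, not part of the original thread: it takes the certificate thumbprints that `cipher /c` reports for a file and looks each one up in the current user's certificate store. It assumes a current Windows build with PowerShell; the file path, account names and thumbprints are constructed, and the `cipher /c` output layout it parses is an assumption.

```powershell
# Added example (not from the thread). Compares the certificate thumbprints that
# cipher.exe reports for an EFS file with the current user's certificate store.
function Get-EfsThumbprint {
    param([string[]]$CipherOutput)
    # A SHA-1 thumbprint is 40 hex digits; assumed to be printed as ten
    # space-separated groups of four.
    $pattern = '(?:[0-9A-Fa-f]{4} ){9}[0-9A-Fa-f]{4}'
    $CipherOutput |
        Select-String -Pattern $pattern -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { ($_.Value -replace ' ', '').ToUpper() } |
        Select-Object -Unique
}

function Test-EfsKeyAvailable {
    param([string[]]$Thumbprint)
    foreach ($tp in $Thumbprint) {
        # Decryption needs the matching certificate AND its private key here.
        $cert = Get-ChildItem Cert:\CurrentUser\My |
            Where-Object { $_.Thumbprint -eq $tp }
        [pscustomobject]@{
            Thumbprint    = $tp
            InUserStore   = [bool]$cert
            HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        }
    }
}

# Constructed sample in the assumed layout; names and thumbprints are made up.
$sample = @(
    '  Users who can decrypt:'
    '    CORP\pjenkins [pjenkins(pjenkins@CORP)]'
    '    Certificate thumbprint: 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567'
    '  Recovery Certificates:'
    '    CORP\Administrator [Administrator(Administrator@CORP)]'
    '    Certificate thumbprint: FEDC BA98 7654 3210 FEDC BA98 7654 3210 FEDC BA98'
)

# Hypothetical path; if it exists, the real file is inspected instead of the sample.
$file  = 'C:\RESTORE\personal\example.doc'
$lines = if (Test-Path -LiteralPath $file) { & cipher.exe /c $file } else { $sample }

Test-EfsKeyAvailable -Thumbprint (Get-EfsThumbprint -CipherOutput $lines) |
    Format-Table -AutoSize
```

If no row shows `HasPrivateKey` as `True`, the logged-on profile holds none of the keys the file was encrypted to, and a recovery agent's certificate and private key have to be imported before decryption can succeed.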