Sorry, I couldn't reply to that e-mail address for some
reason.
Here is what I meant to add :
Hello ! Thanks for replying !!
I will try to clarify each point.
I changed my domain password which broke EFS 1. When I
look at these files' encryption details, I see my name
complete with domain with a 'strange' thumbprint. It is
not the same thumbprint as on my exported certificate.
The domain remained the same. In my EFS reading, being
part of a domain changes/complicates things but nothing
is explained on what differs...
At this point, I usually remember to import my
certificate. This keeps my access to my previous
encrypted files somehow. This time, I did not remember.
When I was offline ( but logged in with cached
credentials ), I put some files into an encrypted folder,
inheriting the encryption status.
I found that the next day , I couldn't access the
encrypted files ! This struck me as odd but I then
remembered to import my certificate. This did not help me
to read the file. I also could not read older encrypted
files.
I checked my two encrypted folders and found the files to
have separate thumbprints next to my name as encryptor !
I don't recognize either !! I suspect that because the
thumbprint is not the same that I can't open the file (
some sort of certificate mis-matching, even though it's
my name and domain listed ?? ).
I haven't used the cipher.exe or esfinfo.exe commands
yet. I have been using Explorer file properties and the
certificate snap-in for MMC for all my info...
Under MMC, I see several stores and my certificate is
there in several of them ( Personal, Trusted Root,
Enterprise Trust, and Trusted People ) but only the one
I'm used to with a special thumbprint that doesn't match
the encrypted files I'm trying to recover. I don't see
any other certificates in my name... I'm not sure how to
check other profiles either, like you mentioned below...?
Needless to say, I've made myself a file recovery
certificate. On new encrypted files, I also see that
present as a Data Recovery agent... Small consolation !
I have heard about MS reccerts.exe but not sure how to
get it and what it does ? I have also looked at my
certificates and it seems that the thumbprint is an
editable item. I am now looking into that aspect.
On an interesting note, I CAN delete the encrypted
files !! I'm not sure how that happened, if it's the file
recovery certificate or not. Maybe I can fool it by
deleting a less critical file, removing encryption from
it's folder, and restoring the file from the recycle
bin ?!? Long shot, eh ?
Perhaps something really nasty hit my registry that day
while I was web-surfing. I have lost all my system
restore points from before that date. I had thought of
going back to the day I encrypted the files originally
but found I couldn't...
Anyways, thanks for sticking with me !
Ron Tyles