Encrypted file recovery - Still have profile, etc

C

Charles

I use Windows XP Pro on a standalone machine. Recently,
I encrypted several individual files and one folder on my
local drive. A short time later, the drive failed. I
ran Norton Disk Doctor and repaired several problems on
the disk surface. Fortunately, most of the data
(including the encrypted files and previous user
settings) is still accessible. Unfortunately, the drive
will not boot and I did not export my certificates prior
to the crash.

I used the built-in Administrator account to encrypt the
files that I now wish to recover. After the crash, I
connected the harddisk to another computer and I am able
to access the user data files (NTUSER.DAT, etc) for the
old Administrator. However, since the drive will not
boot, I have not been unable to figure out how to export
the old-Administrator certificate (the one that
originally encrypted the files). Can anyone offer
suggestions to recover the files in this situation? It
seems like I have all of the necessary pieces, I just
can't seem to come up with a strategy for putting them
together.

Thanks,
Charles

(P.S., I tried creating a new user account on the
functioning computer and copying Ntuser.dat,
Ntuser.dat.log, and Ntuser.ini to the directory as
suggested in one of the KB articles I read.
Unforunately, when I logged in as this new user, I was
unable to decrypt the files.)
 
C

Carey Frisch [MVP]

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prod
technol/winxppro/deploy/CryptFS.asp

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-------------------------------------------------------------------------------------


| I use Windows XP Pro on a standalone machine. Recently,
| I encrypted several individual files and one folder on my
| local drive. A short time later, the drive failed. I
| ran Norton Disk Doctor and repaired several problems on
| the disk surface. Fortunately, most of the data
| (including the encrypted files and previous user
| settings) is still accessible. Unfortunately, the drive
| will not boot and I did not export my certificates prior
| to the crash.
|
| I used the built-in Administrator account to encrypt the
| files that I now wish to recover. After the crash, I
| connected the harddisk to another computer and I am able
| to access the user data files (NTUSER.DAT, etc) for the
| old Administrator. However, since the drive will not
| boot, I have not been unable to figure out how to export
| the old-Administrator certificate (the one that
| originally encrypted the files). Can anyone offer
| suggestions to recover the files in this situation? It
| seems like I have all of the necessary pieces, I just
| can't seem to come up with a strategy for putting them
| together.
|
| Thanks,
| Charles
|
| (P.S., I tried creating a new user account on the
| functioning computer and copying Ntuser.dat,
| Ntuser.dat.log, and Ntuser.ini to the directory as
| suggested in one of the KB articles I read.
| Unforunately, when I logged in as this new user, I was
| unable to decrypt the files.)
 
T

Torgeir Bakken (MVP)

Charles said:
I use Windows XP Pro on a standalone machine. Recently,
I encrypted several individual files and one folder on my
local drive. A short time later, the drive failed. I
ran Norton Disk Doctor and repaired several problems on
the disk surface. Fortunately, most of the data
(including the encrypted files and previous user
settings) is still accessible. Unfortunately, the drive
will not boot and I did not export my certificates prior
to the crash.
Click to expand...

Hi

If you have access to the user profile folders for the user that encrypted the
files and you remember the password for that user, you might be able to save
the files. Take a look at this site:

http://www.beginningtoseethelight.org/efsrecovery/
 
R

Roger Abell [MVP]

Your shortest path may be in getting the system working.
While you have the drive attached, get copies of your
files and the entire profile of the encrypting account.
Use NTbackup to package a copy of these into a file.

After I had the important stuff safely stored away, I then
would try an inplace upgrade (repair) install.
http://support.microsoft.com/?id=315341

If that does not work, and you have no other way to
restore the prior system, then you are looking at either
a paid support call to MS, or, purchase of third-party
software, or, use of info at
http://www.beginningtoseethelight.org/efsrecovery/
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Encrypted Files 3
Windows 7 Post Recovery Issues 4
recover EFS certificate/key without the wizard/cipher.exe 1
EFS nightmare 3
can't access encrypted files 3
New OS - can’t get files in old EFS-encrypted directory 3
EFS Data Recovery 1
EFS data recovery 2

Top