Please Help with Encrypted Folder

G

Guest

Hello,

I am a Windows XP user. Under an original username, I encrypted a folder
which I was able to access as long as I was within that particular account.
No other Users could access it, as they would be denied entrance (standard
fare for an encrypted folder, as I understand it).

Then, through a series of unrelated events, I began having issues with that
particular desktop and had to create a new User identity, then transfer all
my files to that new account. With the transfer, my encrypted folder now does
not recognise the new account and is acting like I'm another User trying to
access the folder of the original account, denying me entrance. I've tried
going into the advanced Properties to decrypt the folder and it's files, but
this does not work.

Can anyone please tell me if there is a way to take the encryption off as a
supposed "outside User"? I keep hitting brick walls in my searches. The
contents of this folder are quite important to me, and I would very much like
to be able to access them again.

Thank you to those who took the time to read this and to all who respond.
 
S

Steven L Umbach

Logon as the old user and then you should be able to decrypt the files
assuming your old user profile is still intact to the point it at least
includes your EFS private key. If that works then you can logon as your new
user account and then encrypt them again. If you can not decrypt them with
the old user account then you may have lost permanent access to those EFS
files unless you have clear text backups, there is a Recovery Agent on your
computer [unlikely though check EFS file properties], you are in an Active
Directory domain that has a Recovery Agent configured or archives user's EFS
private keys, there is a backup of your EFS private key in a password
protected .pfx file somewhere, or there is a backup of your old user profile
that contains your EFS private key. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
best practices
 
G

Guest

Thank you, but the problem is that I've actually deleted the old User
account. Is there a way to access them through the new account without the
use of the old account? And how can I find this backup of my EFS private key?
I wouldn't even know where to begin to search...

Steven L Umbach said:
Logon as the old user and then you should be able to decrypt the files
assuming your old user profile is still intact to the point it at least
includes your EFS private key. If that works then you can logon as your new
user account and then encrypt them again. If you can not decrypt them with
the old user account then you may have lost permanent access to those EFS
files unless you have clear text backups, there is a Recovery Agent on your
computer [unlikely though check EFS file properties], you are in an Active
Directory domain that has a Recovery Agent configured or archives user's EFS
private keys, there is a backup of your EFS private key in a password
protected .pfx file somewhere, or there is a backup of your old user profile
that contains your EFS private key. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
best practices

k_athryn05 said:
Hello,

I am a Windows XP user. Under an original username, I encrypted a folder
which I was able to access as long as I was within that particular
account.
No other Users could access it, as they would be denied entrance (standard
fare for an encrypted folder, as I understand it).

Then, through a series of unrelated events, I began having issues with
that
particular desktop and had to create a new User identity, then transfer
all
my files to that new account. With the transfer, my encrypted folder now
does
not recognise the new account and is acting like I'm another User trying
to
access the folder of the original account, denying me entrance. I've tried
going into the advanced Properties to decrypt the folder and it's files,
but
this does not work.

Can anyone please tell me if there is a way to take the encryption off as
a
supposed "outside User"? I keep hitting brick walls in my searches. The
contents of this folder are quite important to me, and I would very much
like
to be able to access them again.

Thank you to those who took the time to read this and to all who respond.
Click to expand...
Click to expand...
 
S

Steven L Umbach

There would only be a backup of your EFS private key if you had made one
yourself at some point in time by using the mmc snapin for certificates to
find your EFS certificate/private key and export it - it is not automated.
Unfortunately deleting the old user account will make it difficult though
not necessarily impossible to access your EFS files assuming that your old
user profile under documents and settings is still on the computer and the
EFS private key is still intact in the application data
folder\Microsoft\crypto\RSA\user sid folder that is a hidden folder which
can be seen once you tell Explorer to show hidden folders. You can not use
it via normal means since the user account associated with it is gone though
paid Microsoft support or a third part program such as the one from
Elcomsoft may work [$99 - cheaper than calling Microsoft for support].
Elcomsoft has a free trial version that can at least tell you if your EFS
private key is recoverable which it will search for and then you need to
input the password for the deleted user if found though the trial version
will only recover very small files just to let you know that it does work.
See the link below if interested. --- Steve

http://www.elcomsoft.com/aefsdr.html

Kathryn C. said:
Thank you, but the problem is that I've actually deleted the old User
account. Is there a way to access them through the new account without the
use of the old account? And how can I find this backup of my EFS private
key?
I wouldn't even know where to begin to search...

Steven L Umbach said:
Logon as the old user and then you should be able to decrypt the files
assuming your old user profile is still intact to the point it at least
includes your EFS private key. If that works then you can logon as your
new
user account and then encrypt them again. If you can not decrypt them
with
the old user account then you may have lost permanent access to those EFS
files unless you have clear text backups, there is a Recovery Agent on
your
computer [unlikely though check EFS file properties], you are in an
Active
Directory domain that has a Recovery Agent configured or archives user's
EFS
private keys, there is a backup of your EFS private key in a password
protected .pfx file somewhere, or there is a backup of your old user
profile
that contains your EFS private key. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
best practices

k_athryn05 said:
Hello,

I am a Windows XP user. Under an original username, I encrypted a
folder
which I was able to access as long as I was within that particular
account.
No other Users could access it, as they would be denied entrance
(standard
fare for an encrypted folder, as I understand it).

Then, through a series of unrelated events, I began having issues with
that
particular desktop and had to create a new User identity, then transfer
all
my files to that new account. With the transfer, my encrypted folder
now
does
not recognise the new account and is acting like I'm another User
trying
to
access the folder of the original account, denying me entrance. I've
tried
going into the advanced Properties to decrypt the folder and it's
files,
but
this does not work.

Can anyone please tell me if there is a way to take the encryption off
as
a
supposed "outside User"? I keep hitting brick walls in my searches. The
contents of this folder are quite important to me, and I would very
much
like
to be able to access them again.

Thank you to those who took the time to read this and to all who
respond.
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

Thank you so much for your help, Steve, I'm sorry for being so clueless! I
downloaded that program you suggested, and it's showing me all my encrypted
files and folders but telling me that they are "Not decryptable". Is it time
to lose hope?

Steven L Umbach said:
There would only be a backup of your EFS private key if you had made one
yourself at some point in time by using the mmc snapin for certificates to
find your EFS certificate/private key and export it - it is not automated.
Unfortunately deleting the old user account will make it difficult though
not necessarily impossible to access your EFS files assuming that your old
user profile under documents and settings is still on the computer and the
EFS private key is still intact in the application data
folder\Microsoft\crypto\RSA\user sid folder that is a hidden folder which
can be seen once you tell Explorer to show hidden folders. You can not use
it via normal means since the user account associated with it is gone though
paid Microsoft support or a third part program such as the one from
Elcomsoft may work [$99 - cheaper than calling Microsoft for support].
Elcomsoft has a free trial version that can at least tell you if your EFS
private key is recoverable which it will search for and then you need to
input the password for the deleted user if found though the trial version
will only recover very small files just to let you know that it does work.
See the link below if interested. --- Steve

http://www.elcomsoft.com/aefsdr.html

Kathryn C. said:
Thank you, but the problem is that I've actually deleted the old User
account. Is there a way to access them through the new account without the
use of the old account? And how can I find this backup of my EFS private
key?
I wouldn't even know where to begin to search...

Steven L Umbach said:
Logon as the old user and then you should be able to decrypt the files
assuming your old user profile is still intact to the point it at least
includes your EFS private key. If that works then you can logon as your
new
user account and then encrypt them again. If you can not decrypt them
with
the old user account then you may have lost permanent access to those EFS
files unless you have clear text backups, there is a Recovery Agent on
your
computer [unlikely though check EFS file properties], you are in an
Active
Directory domain that has a Recovery Agent configured or archives user's
EFS
private keys, there is a backup of your EFS private key in a password
protected .pfx file somewhere, or there is a backup of your old user
profile
that contains your EFS private key. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
best practices

Hello,

I am a Windows XP user. Under an original username, I encrypted a
folder
which I was able to access as long as I was within that particular
account.
No other Users could access it, as they would be denied entrance
(standard
fare for an encrypted folder, as I understand it).

Then, through a series of unrelated events, I began having issues with
that
particular desktop and had to create a new User identity, then transfer
all
my files to that new account. With the transfer, my encrypted folder
now
does
not recognise the new account and is acting like I'm another User
trying
to
access the folder of the original account, denying me entrance. I've
tried
going into the advanced Properties to decrypt the folder and it's
files,
but
this does not work.

Can anyone please tell me if there is a way to take the encryption off
as
a
supposed "outside User"? I keep hitting brick walls in my searches. The
contents of this folder are quite important to me, and I would very
much
like
to be able to access them again.

Thank you to those who took the time to read this and to all who
respond.
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

Your problem here is that you no longer have the encryptioon key, which was
stored in the old user-profile.

If you still have the old profile you can try re-creating the user.
Everything must be exactly as it was before, same passowrd, profile in same
location, etc.

Alternaitvely see if you can decrypt the files logged-on as Administrator.
There is always a second user with a key, normally this is either the local
Admin or the Domain Admin.
 
S

Steven L Umbach

Did it find any private keys? If so you need to add the user name and
password to see if it can decrypt them. If it did not find any then you are
out of luck. --- Steve


Kathryn C. said:
Thank you so much for your help, Steve, I'm sorry for being so clueless! I
downloaded that program you suggested, and it's showing me all my
encrypted
files and folders but telling me that they are "Not decryptable". Is it
time
to lose hope?

Steven L Umbach said:
There would only be a backup of your EFS private key if you had made one
yourself at some point in time by using the mmc snapin for certificates
to
find your EFS certificate/private key and export it - it is not
automated.
Unfortunately deleting the old user account will make it difficult though
not necessarily impossible to access your EFS files assuming that your
old
user profile under documents and settings is still on the computer and
the
EFS private key is still intact in the application data
folder\Microsoft\crypto\RSA\user sid folder that is a hidden folder which
can be seen once you tell Explorer to show hidden folders. You can not
use
it via normal means since the user account associated with it is gone
though
paid Microsoft support or a third part program such as the one from
Elcomsoft may work [$99 - cheaper than calling Microsoft for support].
Elcomsoft has a free trial version that can at least tell you if your EFS
private key is recoverable which it will search for and then you need to
input the password for the deleted user if found though the trial version
will only recover very small files just to let you know that it does
work.
See the link below if interested. --- Steve

http://www.elcomsoft.com/aefsdr.html

Kathryn C. said:
Thank you, but the problem is that I've actually deleted the old User
account. Is there a way to access them through the new account without
the
use of the old account? And how can I find this backup of my EFS
private
key?
I wouldn't even know where to begin to search...

:

Logon as the old user and then you should be able to decrypt the files
assuming your old user profile is still intact to the point it at
least
includes your EFS private key. If that works then you can logon as
your
new
user account and then encrypt them again. If you can not decrypt them
with
the old user account then you may have lost permanent access to those
EFS
files unless you have clear text backups, there is a Recovery Agent on
your
computer [unlikely though check EFS file properties], you are in an
Active
Directory domain that has a Recovery Agent configured or archives
user's
EFS
private keys, there is a backup of your EFS private key in a password
protected .pfx file somewhere, or there is a backup of your old user
profile
that contains your EFS private key. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 ---
EFS
best practices

Hello,

I am a Windows XP user. Under an original username, I encrypted a
folder
which I was able to access as long as I was within that particular
account.
No other Users could access it, as they would be denied entrance
(standard
fare for an encrypted folder, as I understand it).

Then, through a series of unrelated events, I began having issues
with
that
particular desktop and had to create a new User identity, then
transfer
all
my files to that new account. With the transfer, my encrypted folder
now
does
not recognise the new account and is acting like I'm another User
trying
to
access the folder of the original account, denying me entrance. I've
tried
going into the advanced Properties to decrypt the folder and it's
files,
but
this does not work.

Can anyone please tell me if there is a way to take the encryption
off
as
a
supposed "outside User"? I keep hitting brick walls in my searches.
The
contents of this folder are quite important to me, and I would very
much
like
to be able to access them again.

Thank you to those who took the time to read this and to all who
respond.
Click to expand...
Click to expand...
Click to expand...
 
S

Steven L Umbach

The problem is that you can create a new user account with the same name but
it has a different SID and would not be considered the same to the operating
system and would not work for EFS even if you copy the old profile over to
the new user and use the same password. It is always a good idea to try and
use the administrator account to decrypt the files but rarely is one
configured in XP Pro as unlike Windows 2000 it is not required nor generated
automatically in XP Pro though a computer in an Active Directory domain may
have one if the domain administrators configured one for enforcement via
Group Policy. --- Steve
 
G

Guest

Right, and I don't even think I have the old profile, so it's a moot point.
As for the "Administrator" account, I do have an account called "ASP.NET
Machine A..." that does not appear on the Welcome Screen and which I cannot
access even through the classic "log-in" methods, as it tells me: "The local
policy of this system does not permit you to logon interactively". Is this
account something that would be useful to me, or should I just forget it?
Also, I'm able to access this account through the "Documents and Settings"
folder in my C Drive. Can I do anything from there?
 
G

Guest

Thank you, coal_brona. I downloaded the "UnEraser" programme, but I have no
idea how to use it. I'm not able to access anything through it. Is it because
it's the "demo" version, and therefore not going to be of much use, or should
I be able to work with it if I keep trying?
 
S

Steven L Umbach

If the program from Elcomsoft did not find any EFS private key on your
computer then you are out of luck. You could take your computer to a data
recover specialist that also knows EFS and they could try to recover the EFS
private key from deleted files. However there would be no guarantee and the
fee for such services is usually substantial. --- Steve
 
G

Guest

The programme from Elcomsoft did find the EFS private key, but unfortunately
I think that because it's the free trial version, it doesn't actually do
anything with it. And, as a poor student, I can't really afford to get the
actual version at this time. Regardless, I thank you very much for your time
and for your help. At least now I have other avenues to explore, maybe in the
future when I'm more capable of doing so.

Thank you again.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

problem with encrypted folder 1
can't access encrypted files 3
EFS nightmare 3
Cannot decrypt EFS-encrypted file even though I loaded the previously-used encryption certificate 2
problem with encrypted folder in Win XP 2
XP Encryption - quick questions 1
encrypted files 1
XP Encrypted files..locked out 4

Top