Recovering EFS from a Backup

[Guest]

Stung by EFS!
Can anyone help me recover my EFS files... I was a stand alone machine when
I encrypted, I didn't create a recovery agent (bad, bad, bad) and then I
joined a domain. Now I can't get to my EFS files. I did create a full system
backup (Not an ASR) prior to joining the domain. Can I roll back and
unencrypt, then rejoin my domain?

Thank you for your help in advance.

Mikego

 

[Guest]

Or is there an easier way? Like .cer file?

Thanks,
Mikego

 

[Jan Peter Stotz]

Stung by EFS!
Can anyone help me recover my EFS files... I was a stand alone machine when
I encrypted, I didn't create a recovery agent (bad, bad, bad) and then I
joined a domain.

That should not be a problem with EFS. Use your local account instead of
your new domain account and everything should be fine.

Jan

 

[Guest]

Jan,
I tried logging on the local account, but could not decrypt. Not sure why.
Mikego

 

[Tom H]

Nope, you're ****ed buddy. Kiss your data goodbye, forever.

 

[Shreeniwas Kelkar [MSFT]]

You should log on to the account that originally encrypted the files. You
should be able to decrypt the files.

While you are at it, also consider backing up your EFS certificate and keys.
You can then import them for data recovery should a need arise in future.

 

[Shreeniwas Kelkar [MSFT]]

Why do you mean by "could not decrypt". Can you be more specific and
describe the exact steps you are trying, the error you get, etc.

Also, can you see your EFS certificate in the MY store. Does is have a
private key associated with it?

 

[Guest]

Sorry for the delay on the response,

You asked about error messages, when I go to an encrypted file as a stand
alone user, logging into the stand alone (not connected to the domain)
machine01, I right click Properties>Advanced> UNCHECK Encrypt this file, all
goes well until I Apply then I get the "Error Applying Attributes, an error
occurred applying attributes to the file: File name, access is denied"

The thumbprints for my certificate as well as the response from EFSinfo.exe
is the same. However my thumbprint as a domain user is different.

When I run efsinfo on an encrypted file I get

Filename.txt: Encrypted
Users who can decrypt:
Machine01\Mike Go (Mike Go(Mike Go@SONY))

Machine01 is the local machine
Mike Go is my user name
Not sure what @SONY represents, other than an earlier existance

Also, could you expalin, MY Store? I went into the MMC, Certificates,
Personal, Certificates, and there appears two certificates, one with a
thumbnail from my previous life, and one with a thumbnail associated with my
domain existance.

These also appear in the Trusted People > Certificates. Both note that there
are private keys associated with them. Where would I located these?

Any help is appreciated.

THX!,
Mikego

Why do you mean by "could not decrypt". Can you be more specific and
describe the exact steps you are trying, the error you get, etc.

Also, can you see your EFS certificate in the MY store. Does is have a
private key associated with it?

--
Shreeniwas Kelkar [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

Jan,
I tried logging on the local account, but could not decrypt. Not sure why.
Mikego

 

[Guest]

You said that you opened MMC > Certificates > Personal > Certificates and saw
a certificate associated with your domain existence. If you are truly logged
on as the "local user" that you were when you encrypted the files on the
standalone machine, you would not see a domain certificate in this store.
(BTW: The Personal store is the MY store.)

If you encrypted the files as Machine01/Mike Go, you must log in as
Machine01/Mike Go in order to decrypt them. Don't log on as
<UserDomain>\Mike Go. (You don't have to disconnect from the domain in order
to log in with your local machine username.) Hope that helps.

Thanks.
Pat

Sorry for the delay on the response,

You asked about error messages, when I go to an encrypted file as a stand
alone user, logging into the stand alone (not connected to the domain)
machine01, I right click Properties>Advanced> UNCHECK Encrypt this file, all
goes well until I Apply then I get the "Error Applying Attributes, an error
occurred applying attributes to the file: File name, access is denied"

The thumbprints for my certificate as well as the response from EFSinfo.exe
is the same. However my thumbprint as a domain user is different.

When I run efsinfo on an encrypted file I get

Filename.txt: Encrypted
Users who can decrypt:
Machine01\Mike Go (Mike Go(Mike Go@SONY))

Machine01 is the local machine
Mike Go is my user name
Not sure what @SONY represents, other than an earlier existance

Also, could you expalin, MY Store? I went into the MMC, Certificates,
Personal, Certificates, and there appears two certificates, one with a
thumbnail from my previous life, and one with a thumbnail associated with my
domain existance.

These also appear in the Trusted People > Certificates. Both note that there
are private keys associated with them. Where would I located these?

Any help is appreciated.

THX!,
Mikego

Why do you mean by "could not decrypt". Can you be more specific and
describe the exact steps you are trying, the error you get, etc.

Also, can you see your EFS certificate in the MY store. Does is have a
private key associated with it?

--
Shreeniwas Kelkar [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

Jan,
I tried logging on the local account, but could not decrypt. Not sure why.
Mikego

:

Mike Go schrieb:

Stung by EFS!
Can anyone help me recover my EFS files... I was a stand alone machine
when
I encrypted, I didn't create a recovery agent (bad, bad, bad) and then
I
joined a domain.

That should not be a problem with EFS. Use your local account instead of
your new domain account and everything should be fine.

Jan