WinXp EFS decryption problem

[pd42]

My office laptop harddisk crashed last week, but luckily the service
guy that came to pick it up was able to recover an encrypted folder and
burned that folder on a CD which he gave back to me. The service guy
doesn't know my password (I didn't give it to him), so I am assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted files.

The problem however remains that winxp does not 'know' that this folder
was encrypted in the first place (or else it would have a green color
which it doesn't) and winxp doesn't recognize that its encrypted stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.

 

[Mike Brannigan [MSFT]]

My office laptop harddisk crashed last week, but luckily the service
guy that came to pick it up was able to recover an encrypted folder and
burned that folder on a CD which he gave back to me. The service guy
doesn't know my password (I didn't give it to him), so I am assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted files.

The problem however remains that winxp does not 'know' that this folder
was encrypted in the first place (or else it would have a green color
which it doesn't) and winxp doesn't recognize that its encrypted stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.

There are a couple of things here.
The file on CD may well still be encrypted but because it is not an NTFS
format CD (no such thing) it will not see the encrypted file attribute on
the file so it will not show up green.

Passwords are not really the issue here. What you needed from your old
laptop was the certificates and keys for the account that encrypted those
files.
If that laptop is no longer available to retrieve these files then your
files are lost to you and will remain encrypted (there is no back door here
you need either the keys and certs of the account that did the encryption or
the keys and certs of the recovery agent on that machine (if one had been
created before the files were encrypted)).


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

 

[pd42]

Mike,
I did export the certificates/keys and copied them to another disk, I do
have them.
So how can I decrypt the folder (while winxp thinks it is not encrpyted)
with that certificate?

 

[pd42]

And then there was silence...
I guess there is no way to recover, even if I still have my
certificate...
Lesson learned: don't use EFS

Mike,
I did export the certificates/keys and copied them to another disk, I do
have them.
So how can I decrypt the folder (while winxp thinks it is not encrpyted)
with that certificate?


"Mike Brannigan [MSFT]" <[email protected]> schreef in bericht

There are a couple of things here.
The file on CD may well still be encrypted but because it is not an NTFS
format CD (no such thing) it will not see the encrypted file attribute on
the file so it will not show up green.

Passwords are not really the issue here. What you needed from your old
laptop was the certificates and keys for the account that encrypted those
files.
If that laptop is no longer available to retrieve these files then your
files are lost to you and will remain encrypted (there is no back door
here you need either the keys and certs of the account that did the
encryption or the keys and certs of the recovery agent on that machine (if
one had been created before the files were encrypted)).


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

 

[Mike Brannigan [MSFT]]

And then there was silence...
I guess there is no way to recover, even if I still have my
certificate...
Lesson learned: don't use EFS

Not silence - My work in this group is voluntary. I was hoping that you
would get some peer support.

But as regards your certificates and keys etc. You import these are
documented in the online help
This is also covered in more depth in Chapter 17 of the Windows XP Resource
Kit documentation (available online on the TechNet website
www.microsoft.com/technet)
Once you have your certificates to decrypt the file imported the next issue
is related to the way the encrypted file was taken from your old PC.
Do you know what method was used to get the file off the disk and onto the
CD (a none EFS aware media) ?

The chances are the file may still be in encrypted form.
So get it off the CD onto an NTFS volume - then check its attributes - you
are looking for the encrypted one. If this is still set you should then be
good to go and use the cipher command line tool to decrypt the file.
You may firstly need to change the permissions on the file to take ownership
of it to allow you to read/write/decrypt the file.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

And then there was silence...
I guess there is no way to recover, even if I still have my
certificate...
Lesson learned: don't use EFS

Mike,
I did export the certificates/keys and copied them to another disk, I do
have them.
So how can I decrypt the folder (while winxp thinks it is not encrpyted)
with that certificate?


"Mike Brannigan [MSFT]" <[email protected]> schreef in bericht

My office laptop harddisk crashed last week, but luckily the service
guy that came to pick it up was able to recover an encrypted folder and
burned that folder on a CD which he gave back to me. The service guy
doesn't know my password (I didn't give it to him), so I am assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted files.

The problem however remains that winxp does not 'know' that this folder
was encrypted in the first place (or else it would have a green color
which it doesn't) and winxp doesn't recognize that its encrypted stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.

There are a couple of things here.
The file on CD may well still be encrypted but because it is not an NTFS
format CD (no such thing) it will not see the encrypted file attribute on
the file so it will not show up green.

Passwords are not really the issue here. What you needed from your old
laptop was the certificates and keys for the account that encrypted those
files.
If that laptop is no longer available to retrieve these files then your
files are lost to you and will remain encrypted (there is no back door
here you need either the keys and certs of the account that did the
encryption or the keys and certs of the recovery agent on that machine (if
one had been created before the files were encrypted)).


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

My office laptop harddisk crashed last week, but luckily the service
guy that came to pick it up was able to recover an encrypted folder and
burned that folder on a CD which he gave back to me. The service guy
doesn't know my password (I didn't give it to him), so I am assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted files.

The problem however remains that winxp does not 'know' that this folder
was encrypted in the first place (or else it would have a green color
which it doesn't) and winxp doesn't recognize that its encrypted stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.

 

[pd42]

NTFS shows that the encryption attribute is not checked (and the
files/folders are not green).
I don't know how exactly the CD was created. BTW, the cipher command shows
them as unencrypted (U) as well.
The folder/file structure and sizes etc seem completely intact, but all
files contain unrecognizable information.
Thanks for your help anyway.

And then there was silence...
I guess there is no way to recover, even if I still have my
certificate...
Lesson learned: don't use EFS

Not silence - My work in this group is voluntary. I was hoping that you
would get some peer support.

But as regards your certificates and keys etc. You import these are
documented in the online help
This is also covered in more depth in Chapter 17 of the Windows XP
Resource Kit documentation (available online on the TechNet website
www.microsoft.com/technet)
Once you have your certificates to decrypt the file imported the next
issue is related to the way the encrypted file was taken from your old PC.
Do you know what method was used to get the file off the disk and onto the
CD (a none EFS aware media) ?

The chances are the file may still be in encrypted form.
So get it off the CD onto an NTFS volume - then check its attributes - you
are looking for the encrypted one. If this is still set you should then
be good to go and use the cipher command line tool to decrypt the file.
You may firstly need to change the permissions on the file to take
ownership of it to allow you to read/write/decrypt the file.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

And then there was silence...
I guess there is no way to recover, even if I still have my
certificate...
Lesson learned: don't use EFS

Mike,
I did export the certificates/keys and copied them to another disk, I do
have them.
So how can I decrypt the folder (while winxp thinks it is not encrpyted)
with that certificate?


"Mike Brannigan [MSFT]" <[email protected]> schreef in bericht
My office laptop harddisk crashed last week, but luckily the service
guy that came to pick it up was able to recover an encrypted folder and
burned that folder on a CD which he gave back to me. The service guy
doesn't know my password (I didn't give it to him), so I am assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted files.

The problem however remains that winxp does not 'know' that this folder
was encrypted in the first place (or else it would have a green color
which it doesn't) and winxp doesn't recognize that its encrypted stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.

There are a couple of things here.
The file on CD may well still be encrypted but because it is not an NTFS
format CD (no such thing) it will not see the encrypted file attribute on
the file so it will not show up green.

Passwords are not really the issue here. What you needed from your old
laptop was the certificates and keys for the account that encrypted those
files.
If that laptop is no longer available to retrieve these files then your
files are lost to you and will remain encrypted (there is no back door
here you need either the keys and certs of the account that did the

encryption or the keys and certs of the recovery agent on that machine (if
one had been created before the files were encrypted)).


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

My office laptop harddisk crashed last week, but luckily the service
guy that came to pick it up was able to recover an encrypted folder and
burned that folder on a CD which he gave back to me. The service guy
doesn't know my password (I didn't give it to him), so I am assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted files.

The problem however remains that winxp does not 'know' that this folder
was encrypted in the first place (or else it would have a green color
which it doesn't) and winxp doesn't recognize that its encrypted stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.

 

[Kerry Liles]

If the file contains "unrecognizable" information then one might presume
that the file was copied 'body and bones' from the old system to the CD. It
seems certain that it most certainly was NOT decrypted and copied...

Is there no way to force the command line tool to decrypt a file that
appears to not be *marked* as encrypted?? {sorry - I guess that question is
for any MS lurkers in this group} I have tended to avoid EFS as much as
possible so I am afraid I cannot offer any practical advice - only virtual
advice.

NTFS shows that the encryption attribute is not checked (and the
files/folders are not green).
I don't know how exactly the CD was created. BTW, the cipher command shows
them as unencrypted (U) as well.
The folder/file structure and sizes etc seem completely intact, but all
files contain unrecognizable information.
Thanks for your help anyway.

And then there was silence...
I guess there is no way to recover, even if I still have my
certificate...
Lesson learned: don't use EFS

Not silence - My work in this group is voluntary. I was hoping that you
would get some peer support.

But as regards your certificates and keys etc. You import these are
documented in the online help
This is also covered in more depth in Chapter 17 of the Windows XP
Resource Kit documentation (available online on the TechNet website
www.microsoft.com/technet)
Once you have your certificates to decrypt the file imported the next
issue is related to the way the encrypted file was taken from your old PC.
Do you know what method was used to get the file off the disk and onto the
CD (a none EFS aware media) ?

The chances are the file may still be in encrypted form.
So get it off the CD onto an NTFS volume - then check its attributes - you
are looking for the encrypted one. If this is still set you should then
be good to go and use the cipher command line tool to decrypt the file.
You may firstly need to change the permissions on the file to take
ownership of it to allow you to read/write/decrypt the file.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

And then there was silence...
I guess there is no way to recover, even if I still have my
certificate...
Lesson learned: don't use EFS



pd42 wrote:
Mike,
I did export the certificates/keys and copied them to another disk, I
do
have them.
So how can I decrypt the folder (while winxp thinks it is not
encrpyted)
with that certificate?


"Mike Brannigan [MSFT]" <[email protected]> schreef in
bericht
My office laptop harddisk crashed last week, but luckily the
service
guy that came to pick it up was able to recover an encrypted
folder and
burned that folder on a CD which he gave back to me. The service
guy
doesn't know my password (I didn't give it to him), so I am
assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot
open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted
files.

The problem however remains that winxp does not 'know' that this
folder
was encrypted in the first place (or else it would have a green
color
which it doesn't) and winxp doesn't recognize that its encrypted
stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.

There are a couple of things here.
The file on CD may well still be encrypted but because it is not an
NTFS
format CD (no such thing) it will not see the encrypted file
attribute on
the file so it will not show up green.

Passwords are not really the issue here. What you needed from your
old
laptop was the certificates and keys for the account that encrypted
those
files.
If that laptop is no longer available to retrieve these files then
your
files are lost to you and will remain encrypted (there is no back
door
here you need either the keys and certs of the account that did the

encryption or the keys and certs of the recovery agent on that
machine (if
one had been created before the files were encrypted)).


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use
these
newsgroups

My office laptop harddisk crashed last week, but luckily the
service
guy that came to pick it up was able to recover an encrypted
folder and
burned that folder on a CD which he gave back to me. The service
guy
doesn't know my password (I didn't give it to him), so I am
assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot
open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted
files.

The problem however remains that winxp does not 'know' that this
folder
was encrypted in the first place (or else it would have a green
color
which it doesn't) and winxp doesn't recognize that its encrypted
stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.

 

[pd42]

Kerry,
If you are right then I will avoid EFS from now on. You would expect
that EFS should be able to decypher your files after a harddisk crash
and partial recovery to a burned CD, but it seems that this is
impossible.

If the file contains "unrecognizable" information then one might presume
that the file was copied 'body and bones' from the old system to the CD. It
seems certain that it most certainly was NOT decrypted and copied...

Is there no way to force the command line tool to decrypt a file that
appears to not be *marked* as encrypted?? {sorry - I guess that question is
for any MS lurkers in this group} I have tended to avoid EFS as much as
possible so I am afraid I cannot offer any practical advice - only virtual
advice.

NTFS shows that the encryption attribute is not checked (and the
files/folders are not green).
I don't know how exactly the CD was created. BTW, the cipher command shows
them as unencrypted (U) as well.
The folder/file structure and sizes etc seem completely intact, but all
files contain unrecognizable information.
Thanks for your help anyway.


"Mike Brannigan [MSFT]" <[email protected]> schreef in bericht

And then there was silence...
I guess there is no way to recover, even if I still have my
certificate...
Lesson learned: don't use EFS



Not silence - My work in this group is voluntary. I was hoping that you
would get some peer support.

But as regards your certificates and keys etc. You import these are
documented in the online help
This is also covered in more depth in Chapter 17 of the Windows XP
Resource Kit documentation (available online on the TechNet website
www.microsoft.com/technet)
Once you have your certificates to decrypt the file imported the next
issue is related to the way the encrypted file was taken from

your old
PC. onto

the

attributes -
you

are looking for the encrypted one. If this is still set you should then
be good to go and use the cipher command line tool to decrypt the file.
You may firstly need to change the permissions on the file to take
ownership of it to allow you to read/write/decrypt the file.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups


And then there was silence...
I guess there is no way to recover, even if I still have my
certificate...
Lesson learned: don't use EFS



pd42 wrote:
Mike,
I did export the certificates/keys and copied them to another disk, I
do
have them.
So how can I decrypt the folder (while winxp thinks it is not
encrpyted)
with that certificate?


"Mike Brannigan [MSFT]" <[email protected]> schreef in
bericht
My office laptop harddisk crashed last week, but luckily the
service
guy that came to pick it up was able to recover an encrypted
folder and
burned that folder on a CD which he gave back to me. The service
guy
doesn't know my password (I didn't give it to him), so I am
assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot
open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted
files.

The problem however remains that winxp does not 'know' that this
folder
was encrypted in the first place (or else it would have a green
color
which it doesn't) and winxp doesn't recognize that its encrypted
stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.

There are a couple of things here.
The file on CD may well still be encrypted but because it is not an
NTFS
format CD (no such thing) it will not see the encrypted file
attribute on
the file so it will not show up green.

Passwords are not really the issue here. What you needed from your
old
laptop was the certificates and keys for the account that encrypted
those
files.
If that laptop is no longer available to retrieve these files then
your
files are lost to you and will remain encrypted (there is no back
door
here you need either the keys and certs of the account that did the

encryption or the keys and certs of the recovery agent on that
machine (if
one had been created before the files were encrypted)).


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use
these
newsgroups

My office laptop harddisk crashed last week, but luckily the
service
guy that came to pick it up was able to recover an encrypted
folder and
burned that folder on a CD which he gave back to me. The service
guy
doesn't know my password (I didn't give it to him), so I am
assuming
that the contents on the CD is still encrypted.

I have a new laptop now and copied the CD to my new laptop. winxp
recogizes the files/folders with the correct type and size, but
doesn't recognize them as encrypted (no green color) and I cannot
open
any of them!!

How can I decrypt this folder????

I tried logging in as admin and run the Certificates Manager to
configure admin as the default recovery agent for all encrypted
files.

The problem however remains that winxp does not 'know' that this
folder
was encrypted in the first place (or else it would have a green
color
which it doesn't) and winxp doesn't recognize that its encrypted
stuff,
so if I try to open a .pst, .doc, or .xls it doesn't work...

Any help is greatly appreciated.