I accidentally cracked my Windows that was on C:
I had previously encrypted files on D:.
Now I restored C: using Symantec Ghost but I find out that I cannot
decrypt any files, it says "access denied"
It is true that the backup of C: was made before encrypting files
The problem is that you need your EFS private key to decrypt the
files and that was destroyed when you restored the Ghost image.
Most likely you will never be able to access those files again
unless you had previously created a backup of your EFS private key
to a password protected .pfx file stored somewhere that you can
import or if you have a copy of your user profile from a point in
time after you started using EFS. Your EFS private key is stored in
your user profile in the username\application data\Microsoft\crypto
folders. If none of the above is possible you could try using a
file recovery program to see if you can find that folder on your
system drive [probably very unlikely with an image restore] or use
it to check your D drive for deleted clear text copies of your
encrypted files if any exist which could be temporary files so if
you are desperate for the files try recovering anything to see on
the D drive to see if any have data you need. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS best practices
http://www.snapfiles.com/Shareware/system/swdatarecovery.html --- shareware data recovery tools
http://www.snapfiles.com/Freeware/system/fwdatarecovery.html --- freeware data recovery tools
So do I look for a .pfx and need to know my password ?
But... what's the logic of this EFS? Why is the KEY not stored on
the very same drive where the encrypted files are... ?
I'm losing hope
Shenan Stanley wrote
You destroyed the partition that held the encrypted key
information. You did not follow the best practices of EFS.
You have more than likely lost your data.
In the future - follow best practices and back up your key.
Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316/
How to back up the recovery agent Encrypting File System (EFS) private key
in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/kb/241201
Using Efsinfo.exe to determine information about encrypted files
http://support.microsoft.com/kb/243026/
Mike said:
OK, I am confused now -- if he had a ghost image of
the C drive he restored, why is not all of the information
that was there restored again ?? The only time I have
ever run into an issue where restoring the partition did
not have all the information was when it was one of those
stupid applications that stored a secret "key" of some
sort OUTSIDE of the partition on the disk. A ghost
image restore of the C drive should be indistinguishable
from the original. I could see it if only certain files were
saved but not when the drive was imaged (and the OP
said it was a ghost image).
Yes.
You should read more carefully though.
The entire thread (at least this strand) is now above..
Notice in the original post - the OP made it clear...
--------
"Now I restored C: using Symantec Ghost but I find out that I cannot
decrypt any files, it says "access denied"
It is true that the backup of C: was made before encrypting files
on D: "
--------
So - they made a ghost image - but like most who think they will use
that method of backup - they did not do it frequently enough. The
last image they obviously had was some time before they started using
EFS to encrypt their files - thus no encryption information (keys/etc)
was ever stored on the ghost image they had and restored with.
Put more simply.. It's like making a backup of your entire system in
January (and never again), using the computer daily - adding and
removing files, receiving and sending email, etc - and then in August
your hard drive dies - but you restore your January backup.. Nothing
you did from the time you took that backup until August is there - nor
should you expect it to be.
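
The key backup that the replies above recommend, as an added example that is not part of the original thread: a PowerShell script that finds the current user's EFS certificates and exports each one, with its private key, to a password-protected .pfx file. It assumes a current Windows release where the built-in Export-PfxCertificate cmdlet is available (it is not present on the Windows XP-era systems discussed here, where the export steps in the linked KB articles apply instead); $BackupDir is a hypothetical path standing in for removable or offline media.

```powershell
# Added example: inventory and back up the current user's EFS certificate(s).
# Run as the user who encrypted the files, BEFORE any reinstall or image restore.

$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage: Encrypting File System
$BackupDir = 'E:\efs-backup'             # assumption: path on removable/offline media

# EFS certificates live in the user's personal store and carry the EFS EKU.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.EnhancedKeyUsageList.ObjectId -contains $EfsOid
}

if (-not $efsCerts) {
    Write-Warning 'No EFS certificate found for this user; nothing to back up.'
    return
}

$password = Read-Host -AsSecureString -Prompt 'Password to protect the .pfx files'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($cert in $efsCerts) {
    # A certificate without its private key cannot decrypt anything.
    if (-not $cert.HasPrivateKey) {
        Write-Warning "Skipping $($cert.Thumbprint): private key is not on this machine."
        continue
    }

    $file = Join-Path $BackupDir ("efs-{0}.pfx" -f $cert.Thumbprint)
    try {
        Export-PfxCertificate -Cert $cert -FilePath $file -Password $password `
            -ErrorAction Stop | Out-Null
        Write-Output ("Exported {0} (expires {1:yyyy-MM-dd}) to {2}" -f `
            $cert.Thumbprint, $cert.NotAfter, $file)
    }
    catch {
        # Typical cause: the private key was created as non-exportable.
        Write-Warning "Export failed for $($cert.Thumbprint): $($_.Exception.Message)"
    }
}
```

Keep the .pfx files and their password off the system drive, so that an image restore of C: cannot destroy them along with the profile. The thumbprint in each file name can be compared with the one `cipher /c` reports for an encrypted file to confirm which key that file needs.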