EFS encrypted file recovery (yet again)

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I'll start buy noting I have learned my lesson, export your public keys. and make an ERD disk
Well here's my situation I'm running Windows 2k sp4. I ran into a problem did some registry edits and managed to foobar my registry software hive. So I decided to format the C: drive and re-install windows 2k.

Well before I formatted the drive I was able to copy all the data from the
"C:\Documents and Settings\Administrator\Application Data\Microsoft\" directory

so I have a copy of he files used for private/public keys. So far from what I read there is no way to import these files unless they were exported via secpol.msc

is there anyway to import my old keys that I have on disk ??
that are in the Crypto / Protect / SystemCertificates directories ??

I've read that there is a program called reccerts.exe that might allow me to recover these keys

thanks in advance
Dennis
 
reccerts.exe is only available by calling microsoft support using the phone
number and prices at www.microsoft.com/support. Prices might be between
$100 and $300.

Or, if you are technically proficient, you might read
www.beginningtoseethelight.org to try to do it yourself.


Dennis Adams said:
I'll start buy noting I have learned my lesson, export your public keys. and make an ERD disk.
Well here's my situation I'm running Windows 2k sp4. I ran into a problem
Click to expand...
did some registry edits and managed to foobar my registry software hive. So
I decided to format the C: drive and re-install windows 2k.
Well before I formatted the drive I was able to copy all the data from the
"C:\Documents and Settings\Administrator\Application Data\Microsoft\" directory

so I have a copy of he files used for private/public keys. So far from
Click to expand...
what I read there is no way to import these files unless they were exported
via secpol.msc
 
I have successfully recovered encrypted files in a test situation where I
had a copy of the user profile at a point after the users files were
encrypted by using the old administrators profile which was the recovery
agent for the computer. I was able to do it with a program from Elcomsoft
which has a free download that you can try that will at least show you if it
is possible, but will only decrypt very small files in the trial version.
The full verion is $99.

http://www.elcomsoft.com/prs.html#aefsdr

In my test situation, I had encrypted files on a separate drive partition
from the system. I reinstalled the operating system and then logged on
creating the administrator account with the same password as was used on the
old operating system. Of course initial attempt to decrypt the files failed.
I then logged off the computer and back on as another user in the local
administrators group, and then copied the \documents and
settings\administrator\application data folder from the old profile over to
the new administrator profile. I logged back on and tried to decrypt files
again with no luck. So then I downloaded the Advanced EFS Data Recovery
trial program while logged on as the administrator. I first scanned for keys
under the "EFS related files" page where it found the keys. I then selected
add user password where a box pops up and entered administrator as user name
and the password for the old administrator profile. I then went to the
"Encrypted Fles" page where I scanned the appropriate drive for EFS file and
it found the four test files I created and was able to sucessfully decrypt
them all as they were very small files. So you may want to try the free
download and if it finds your keys and files, you may have a good chance for
recovery if the files are worth $99 to you. --- Steve

Dennis Adams said:
I'll start buy noting I have learned my lesson, export your public keys. and make an ERD disk.
Well here's my situation I'm running Windows 2k sp4. I ran into a problem
Click to expand...
did some registry edits and managed to foobar my registry software hive. So
I decided to format the C: drive and re-install windows 2k.
Well before I formatted the drive I was able to copy all the data from the
"C:\Documents and Settings\Administrator\Application Data\Microsoft\" directory

so I have a copy of he files used for private/public keys. So far from
Click to expand...
what I read there is no way to import these files unless they were exported
via secpol.msc
 
Back
Top