Encrypted Folders and Upgrading to XP

  • Thread starter: Guest

Guest

I just upgraded a machine to XP from 2K, and found that the encrypted folders
(EFS) on the NTFS data disk are no longer accessible. The permissions on the
folders are still set correctly, but I am unable to access, copy or disable
encryption.
The domain user accounts are still valid, so I am assuming this has
something to do with the SID from the 2K install vs the new SID for the XP
install.
Is there any way to recover these files? (the old machine account has been
deleted from the domain).

TIA
 
Without the encryption key, which the user must export for safe keeping, the
files are useless.

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard :-)

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Chuck Gibson said:
I just upgraded a machine to XP from 2K, and found that the encrypted folders
(EFS) on the NTFS data disk are no longer accessible. The permissions on the
folders are still set correctly, but I am unable to access, copy or disable
encryption.
The domain user accounts are still valid, so I am assuming this has
something to do with the SID from the 2K install vs the new SID for the XP
install.
Is there any way to recover these files? (the old machine account has been
deleted from the domain).

TIA

EFS works differently in XP and 2K, and differently again with domain
accounts and local accounts. If there is a designated recovery agent for the
domain you may be able to use that key to unencrypt the files. See the
following link:

http://www.microsoft.com/resources/...windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp

It's a long and hard-to-understand chapter in the docs. Basically you would
need to export the DRA certificate and key and import them on the computer
with the encrypted files. If the domain admins do not want to allow this key
to be exported (it is a major security risk) then you would have to back up
the files and they could unencrypt them on a different computer.

Kerry
 