Encrypting File System Recovery


Roland

Hi,

I have encrypted a folder using MS Encrypting File System
and then I lost the certificate and the private key so now
I can't access/open the files in that folder. I have read
something about that the Admin account on my computer
should hold a recovery agent that should be able to
decrypt my files. But when I log on as administrator I
can't decrypt my files. I also read something that this
recovery agent is created the first time I log on as a
Admin but since I haven't logged on as an Admin due to
that my ordinary user is already a member of the Admin
group so I haven't had the need to log on as Admin before.
Could this be the answer to why I can't decrypt/recover my
files?
Does anyone know how to solve this problem or are the
files in my folder "gone" forever?

/Roland
 
If you have reinstalled your operating system that can cause losing the ability to
decrypt the EFS files. You actually had to log on as administrator during the
installation process. Be sure you log on as the built in administrator account which
would be the default recovery agent - not just anyone in the administrators group
will do and be sure that the administrator has full control on that folder and
possibly try the cipher command to decrypt. See the links below for more information
including how to use the efsinfo tool to see who can actually decrypt the files and
who is the recovery agent using the /r switch.

http://support.microsoft.com/default.aspx?scid=kb;en-us;243026
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
 
You can log on as admin and give any account the recovery agent certificate so he can recover your files. Try it and reply to me.
 
Thanks for the quick answer but unfortunately this didn't
help me. One of the problems I think is that this is a
standalone workstation and not part of a domain so that
means that the local administrator account is my only
chance and like you say I had to reinstall some of the
files for the OS due to some problems within the OS maybe
caused by the missing key for the encrypted file I don't
know.
So if I have understood you correctly, when I
reinstalled some parts of the OS the installation process
created a new recovery agent for the administrator account
which doesn't have the ability to decrypt my files for the
specific user since for those files I would have needed to
have the "old" key that the administrator account had
before reinstalling?
When I run the efsinfo tool I get a different Certificate
thumbprint for the files created with my old certificate
from the files created with the new certificate. Can this
help me in any way?
One thing that for me is strange is that the Recovery
Agent displayed by the efsinfo tool shows "Unknown" for the
files that I can decrypt and for the files I can't decrypt
it displays my ordinary user = the user that created the
files that I now can't see due to the missing certificate.
If it was the other way around it would make sense or?
Regards
/Roland
 
The "unknown" is a bug from what I understand and does not affect the ability of
the recovery agent to decrypt the files and yes you need to have the private EFS
key from the certificate with the matching thumbprint shown with efsinfo in
order to decrypt the files. If you have logged on as the built in local
administrator account and were not able to decrypt the files while having full
control to that folder, then you are pretty much out of luck unless you had
previously exported your EFS private key. You can also log on as administrator
and use mmc to open the certificate snap-in for user to see if the thumbprint on
the recovery agent certificate matches what is shown as the recovery agent
certificate shown via efsinfo and if the private key is shown as available in
the certificate properties. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320878 --- info on
certificate management.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
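
The check described in the reply above (compare the thumbprint efsinfo reports with the certificates held by the logged-on account, and confirm the private key is present), as an added PowerShell example that is not part of the original thread. The function name `Get-EfsCertificateStatus` is hypothetical and the thumbprint in the usage comment is a placeholder for the value efsinfo prints.

```powershell
# Added example, not from the thread. Run it while logged on as the account
# you expect to hold the EFS key or the recovery agent key.
function Get-EfsCertificateStatus {
    param(
        # Thumbprint as shown by efsinfo for the encrypted file.
        [Parameter(Mandatory)][string]$Thumbprint
    )

    # Enhanced Key Usage OIDs that mark EFS-capable certificates.
    $ekuNames = @{
        '1.3.6.1.4.1.311.10.3.4'   = 'Encrypting File System'
        '1.3.6.1.4.1.311.10.3.4.1' = 'File Recovery'
    }

    # Strip any whitespace so the value compares equal to the store's format.
    $wanted = ($Thumbprint -replace '\s', '').ToUpperInvariant()

    Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
        $cert = $_

        # Collect the EFS-related usages listed in the certificate's EKU extension.
        $usages = foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekuNames[$oid.Value] }
            }
        }
        $usages = @($usages | Where-Object { $_ })

        # Report only certificates usable for EFS encryption or recovery.
        if ($usages.Count -gt 0) {
            [pscustomobject]@{
                Thumbprint     = $cert.Thumbprint
                Usage          = $usages -join ', '
                HasPrivateKey  = $cert.HasPrivateKey
                MatchesEfsinfo = ($cert.Thumbprint -eq $wanted)
            }
        }
    }
}

# Usage (placeholder value, replace with the thumbprint efsinfo reports):
# Get-EfsCertificateStatus -Thumbprint '<thumbprint from efsinfo>' | Format-Table -AutoSize
```

The account can decrypt the files only if some row shows both `MatchesEfsinfo` and `HasPrivateKey` as True; no output at all means the account holds no EFS or recovery certificate.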
 
I'm working with a standalone workstation. Not connected to
a workgroup or domain so that could be a problem from what I
have heard.

/Roland
-----Original Message-----
Are you working with a domain, Windows 2000 workgroup or XP workgroup? Each
scenario is different.

http://www.microsoft.com/WindowsXP/pro/techinfo/administration/recovery/default.asp


--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com
