The Stoat said:
Hi all,

I've recently reinstalled Windows following a terminal crash. Unfortunately, I now can't access various documents (including My Briefcase) as I had them encrypted on my previous installation of XP. I have searched the forums, which tell me I need my encryption keys to decrypt them. I have the 'System Files' backed up from my previous installation. Does anyone know if the keys are in these backups and how I would use them? If not, is there any other way of decrypting the files?

Did you export the EFS certificate? If not, say bye-bye to those files. If you had several thousand, maybe millions, of computers you might be able to decrypt those files in a few years.

Start -> Help and Support, search on "EFS export".
How good are your backups (from where you got the old encrypted data files)? Do you have a full backup sometime after you created the EFS certificate?
What I'm thinking is that you create a new account under the new instance of Windows which has the same username and password as before. Its SID (security identifier) recorded in the SAM database and registry won't be the same, but maybe that is not required. Then use your backups to recover that old user profile to put those files under your new same-named profile path. Then login as that old username using the same old password.
Because the SID for the *new* account with the same username will be different than before, the NTFS permissions will list a SID that is not defined under that new instance of Windows as the owner of those files. You will need to remove that old SID from the security for your profile (and all files under it) using an admin account so you can take ownership of it or give it to the new same-named account. Even when I had the EFS certificate to import, I could not access my encrypted files (after importing the EFS certificate) until I added my new account (by the same old username) to the security access list for those files. Ownership and permissions in NTFS are tracked by the SID for the accounts or groups. When you create a new account, even by the same username, the SID will be unique. However, that old SID under the old instance of Windows is undefined under the new instance of Windows. For file permissions under the Security tab, you'll see some "S-<bunchnumbers>" account listed with full permissions and as the owner. That's your old SID under the old instance of Windows. Remove it and add yourself as the new owner of the file, or add a group to have permissions to which your new account belongs.
I'm not sure that creating a new account using the same old username *AND* the same old password (so you'll need to know the password) along with doing a restore from backups for all files under your profile path for that new account (%userprofile%) will work, even after fixing the NTFS permissions to allow your new account to be owner or have full permissions. The SID for your new same-named account will be different than before. From what I read at:

http://support.microsoft.com/?id=322346

The SID is not involved in generating the private or public keys for the EFS certificate (that you probably never exported). However, if you didn't do backups then you have no old profile to restore. If you don't remember the old password to use in the new same-named account, you have no way to duplicate the hash that got used in generating your encryption keys. And I don't know if the above will work or if you are capable of performing it and maybe digging out from any pitfalls during the process, so not having an exported copy of the EFS certificate means you lost those files.
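To see exactly which restored files the reply is talking about before touching any ACLs, the following PowerShell audit (an added example, not code from anyone in this thread) walks a restored profile folder and reports each file that carries the NTFS Encrypted attribute or whose owner or access entries still reference a SID that the new installation cannot resolve to an account. The profile path is an assumed placeholder; it needs PowerShell 2.0 or later and should be run from an administrator session that can read the folder.

```powershell
# Added example (not from the thread). $ProfilePath is a placeholder: point it
# at the folder where the old profile was restored from backup.
param([string]$ProfilePath = "C:\Documents and Settings\olduser")

function Test-OrphanedSid {
    param([System.Security.Principal.IdentityReference]$Id)
    # Get-Acl already hands back entries as DOMAIN\name when the SID is known;
    # a SID left over from the old installation stays a raw SecurityIdentifier
    # and fails to translate with IdentityNotMappedException.
    if ($Id -isnot [System.Security.Principal.SecurityIdentifier]) { return $false }
    try {
        [void]$Id.Translate([System.Security.Principal.NTAccount])
        return $false
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $true
    }
}

Get-ChildItem -Path $ProfilePath -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        # The Encrypted attribute marks files that EFS will refuse to open
        # without the matching private key, regardless of ACL fixes.
        $encrypted = [bool]($file.Attributes -band [System.IO.FileAttributes]::Encrypted)
        $acl = Get-Acl -Path $file.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }
        $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
        $ownerOrphaned = Test-OrphanedSid $ownerSid
        $orphanedAces = @($acl.Access | Where-Object { Test-OrphanedSid $_.IdentityReference })
        if ($encrypted -or $ownerOrphaned -or $orphanedAces.Count -gt 0) {
            New-Object PSObject -Property @{
                Path          = $file.FullName
                EfsEncrypted  = $encrypted
                OwnerOrphaned = $ownerOrphaned
                OrphanedAces  = ($orphanedAces | ForEach-Object { $_.IdentityReference.Value }) -join ';'
            }
        }
    } | Format-Table Path, EfsEncrypted, OwnerOrphaned, OrphanedAces -AutoSize
```

Rows with OwnerOrphaned or OrphanedAces set are the "S-<bunchnumbers>" entries the reply describes and can be fixed with Take Ownership plus a new ACE; rows with EfsEncrypted set still need the old EFS private key no matter what the ACL says.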