File Encryption


Mark

My work changed from Windows NT Server to Windows 2003
Server and changed the Domain name. After this change the
files contained in an encrypted folder lost the public key
associated with my user account (from the old domain)
instead of carrying the key to the new domain. As a result
the files contained in the encrypted folder are not
accessible. Is there a way to decrypt the files without
the key? Please help!
 
Domain rename breaks DPAPI (the thing ultimately protecting your keys)
because of the SID change. This should be documented with our domain rename
tool/user migration tools. If this wasn't called out, please post again
with links to the docs your admins used - I can file a bug to have them
fixed.

Do you still have your old profile? If so, you can contact Microsoft
Product Support or someone can recommend one of the 3rd party solutions to
recover the files.

Another option: If your admins have a backup of a DC from before the rename,
you can probably put your machine back in the original domain, decrypt your
files and/or export your certificate and private key, then rejoin the new
domain. I haven't personally tried this so I can't offer any guarantees,
but I think it should work. If you go this route, be sure to back up your
user profile beforehand in case something goes wrong.
 