Recovering Encrypted File on WIndows XP workstation

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a user that encrypted a file on the desktop and the user acct has been
deleted off the server. The user no longer works here and I need to recover
the file. I have exported the administrator file recovery certificate and
imported it on the workstation in question. However it does not let me
decrypt the file. I dont have a PKI or CA setup on the domain. I have looked
for articles on the web but what I have read is not working. From what I read
I should be able to log on to the workstation as the domain admin and decrypt
the file but nothing is working. Is there any way to recover the file? any
help would be greatly appreciated!!

Thanks
Chad
 
Let us assume that the XP was joined to the domain when the
file was encrypted, and that we are speaking of a file encrypted
by EFS.

Just what is it that you exported when you
"exported the administrator file recovery certificate"
You should have a pfx file that you used for the import that
contained both the EFS cert and the private key, and when
you were exporting it you should have seen that it had stated
use for EFS data recovery. You need the private key to be
able to decrypt - the cert is for encrypting.

One thing you could instead do, here stated in the safest form,
is to use NTbackup at the XP to package up the encrypted file,
and then unpack this (restore) onto a machine where you can
log in with the DRA (the account where you exported the EFS
recovery cert).
 
Windows XP does not require a recovery agent for EFS but it can use one if
Group Policy was configured for such for that computer. Use the efsinfo tool
to see if the file has a recovery agent that can decrypt it and who it is.
Note that when you export a recovery certificate you must also export the
private key to a password protected .pfx file to import for recovering. If
you can restore the user account via an Active Directory authoritative
restore [just for that account] from a System State backup less than sixty
days old you might be able to reset that user's domain password, logon as
that user and decrypt the file. The link below explains efsinfo. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;243026 --- use
efsinfo /r /c
 
Back
Top