Re: EFS - Please help to unsecure data

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Admiral Q (Star_Fleet_Admiral_Q(NOSPAM)_at_(SPAMNOT)hotmail.com)
Date: 02/06/05 

Date: Sat, 5 Feb 2005 20:09:23 -0500

As others have said - without the CERT for the original profile that
encrypted them or the designated recovery agent profile if you did so
(before you formatted), then the files are as good as gone. You might as
well delete them and start your 11 years research over, or reenter from
hand-written "notes" if you have them.
If EFS had a back door, then it wouldn't be a good or certifiable EFS, now
would it? 

-- 
Star Fleet Admiral Q @ your service!
"Google is your Friend!"
www.google.com
***********************************************
" 781" <lets@have.org> wrote in message
news:eAtWac#CFHA.3824@TK2MSFTNGP10.phx.gbl...
> I am able to see the files, rename them, but not open. If this helps
anyway.
> G
>
>
> "Rock" <rock@mail.nospam.net> wrote in message
> news:uLTzR%238CFHA.3120@TK2MSFTNGP12.phx.gbl...
> >   781 wrote:
> >
> >> I have been formatting my HD for couple of times and did not have a
> >> problem like this.
> >> I have encrypted some folders with VERY important files on it and have
> >> never had access problems with it. After each format I would go into G
> >> partition and set myself as an owner.
> >> After that I would have access to my files.
> >> I have now reformatted my drive for the 3rd time. This time, somehow I
am
> >> unable to gain access to my files: Access Denied.
> >> Please show me a way to get these before I pull all my hair off my
head.
> >> Thank you, and appreciate your help.
> >> G
> >
> > Without having a backup of the encryption key and/or having designated a
> > recovery agent, the files are probably not recoverable.  The encryption
> > key is generated from the users SID.  When a OS is reinstalled, even if
an
> > account with the same name and password is created, the SID is not the
> > same hence it will not work with the original files unless the
encryption
> > key was saved and then imported.  See these links:
> >
> > Best practices for the Encrypting File System
> > http://support.microsoft.com/?id=223316
> >
> > How to back up the recovery agent Encrypting File System (EFS) private
key
> > in Windows Server 2003, in Windows 2000, and in Windows XP
> > http://support.microsoft.com/?id=241201
> >
>
>

Relevant Pages

  • Re: EFS - Please help to unsecure data
    ... encrypted them or the designated recovery agent profile if you did so ... >> Without having a backup of the encryption key and/or having designated a ... >> recovery agent, the files are probably not recoverable. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: EFS - Please help to unsecure data
    ... encrypted them or the designated recovery agent profile if you did so ... >> Without having a backup of the encryption key and/or having designated a ... >> recovery agent, the files are probably not recoverable. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Can no longer encrypt files
    ... It is saying the certificate for the "Recovery Agent" is invalid, ... > the actual account doing the Encryption. ... > Win2k, the designated recovery agent was the default "Domain Admin", WinXP ... This was working fine until the account password expired and was ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Can no longer encrypt files
    ... the actual account doing the Encryption. ... Win2k, the designated recovery agent was the default "Domain Admin", WinXP ... This was working fine until the account password expired and was ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Folder Encryption
    ... Unless you are on a domain, do not use encryption. ... it is described how to create a data recovery agent, ... page 5 "Data Recovery on Standalone Machines" ... Back Up Your Encrypting File System Private Key in Windows 2000 ...
    (microsoft.public.windowsxp.security_admin)