Sign in with
Sign up | Sign in
Your question

EFS Key Restoration from backup file

Last response: in Windows XP
Share
Anonymous
a b 8 Security
March 18, 2005 3:21:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi,

Dont ask, I realy don't know but it look like that I cannot open my
encrypted files.
This is to say that the assicated user key of the account with the problem
are misplaced or lost.

Q1) If the key is not lost but missplaced, who can I locate it and place it
back at the right place?

Q2) If the key is lost, I have a data and system backup of my machine using
the "Backup" program. How can I locate and extract from the backup the
missing key?

I am open to question. The problem arise when I tried to configure two
machines with same name and password for users on a same local network with a
simple router between then.

Thank answering ASAP I am leaving country in 10 days.
Anonymous
a b 8 Security
March 19, 2005 12:35:39 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

NewComrMSNETFam wrote:

> Hi,
>
> Dont ask, I realy don't know but it look like that I cannot open my
> encrypted files.
> This is to say that the assicated user key of the account with the problem
> are misplaced or lost.
>
> Q1) If the key is not lost but missplaced, who can I locate it and place it
> back at the right place?
>
> Q2) If the key is lost, I have a data and system backup of my machine using
> the "Backup" program. How can I locate and extract from the backup the
> missing key?
Hi

If you can restore the user profile folders for the user that
encrypted the files and if you remember the password for the user
when the backup was taken, you might be able to save the files.

Take a look at this site for more details:

http://www.beginningtoseethelight.org/efsrecovery/




--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
Anonymous
a b 8 Security
March 19, 2005 12:35:40 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm wanting to understand the same issues. Many, many people lose their
encrypted files, partly because Microsoft's explanation is so poor.

The web site you referenced is very poorly written and formatted. Doesn't
Micrososoft have anything better? I notice that that web site is mentioned a lot.

Thanks, Michael

___________________________

Torgeir Bakken (MVP) wrote:
> NewComrMSNETFam wrote:
>
>> Hi,
>>
>> Dont ask, I realy don't know but it look like that I cannot open my
>> encrypted files.
>> This is to say that the assicated user key of the account with the
>> problem are misplaced or lost.
>>
>> Q1) If the key is not lost but missplaced, who can I locate it and
>> place it back at the right place?
>> Q2) If the key is lost, I have a data and system backup of my machine
>> using the "Backup" program. How can I locate and extract from the
>> backup the missing key?
>
> Hi
>
> If you can restore the user profile folders for the user that
> encrypted the files and if you remember the password for the user
> when the backup was taken, you might be able to save the files.
>
> Take a look at this site for more details:
>
> http://www.beginningtoseethelight.org/efsrecovery/
>
>
>
>
Related resources
Anonymous
a b 8 Security
March 19, 2005 12:35:41 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have compared my admin account with the one that has key problem.

In the crypto directory I have and extra directory named:D SS with
sub-directory with keys.

Q3) Any clue on why this extra directory and If the system would try to
use the DSS key to decipher?

It could be and explanation. Now if this is the reason, how I get the
system to go back using my RSA keys which are there after all, unless those
have beed also changed, again for some unexplained reasons.

Please, for people how like this discussion, first try answering my
questions: Q1..Q3 then will go further.

Thanks.


"M. Jennings" wrote:

> I'm wanting to understand the same issues. Many, many people lose their
> encrypted files, partly because Microsoft's explanation is so poor.
>
> The web site you referenced is very poorly written and formatted. Doesn't
> Micrososoft have anything better? I notice that that web site is mentioned a lot.
>
> Thanks, Michael
>
> ___________________________
>
> Torgeir Bakken (MVP) wrote:
> > NewComrMSNETFam wrote:
> >
> >> Hi,
> >>
> >> Dont ask, I realy don't know but it look like that I cannot open my
> >> encrypted files.
> >> This is to say that the assicated user key of the account with the
> >> problem are misplaced or lost.
> >>
> >> Q1) If the key is not lost but missplaced, who can I locate it and
> >> place it back at the right place?
> >> Q2) If the key is lost, I have a data and system backup of my machine
> >> using the "Backup" program. How can I locate and extract from the
> >> backup the missing key?
> >
> > Hi
> >
> > If you can restore the user profile folders for the user that
> > encrypted the files and if you remember the password for the user
> > when the backup was taken, you might be able to save the files.
> >
> > Take a look at this site for more details:
> >
> > http://www.beginningtoseethelight.org/efsrecovery/
> >
> >
> >
> >
>
Anonymous
a b 8 Security
March 19, 2005 1:31:51 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

M. Jennings wrote:

> I'm wanting to understand the same issues. Many, many people lose their
> encrypted files, partly because Microsoft's explanation is so poor.
>
> The web site you referenced is very poorly written and formatted.
> Doesn't Micrososoft have anything better?
Hi

From http://www.beginningtoseethelight.org/efsrecovery/

"02. microsoft have a recovery program (reccerts.exe) only
available via payed support"

reccerts.exe will do approximately the same job as the manual
procedure described at that web page.



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
Anonymous
a b 8 Security
March 19, 2005 1:31:52 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have found the cause, now how do I solve that!

Here it is: Using the admin account I have change the password of my non
admin account. Now, knowing my old password can I revert by simply changing
it back to orignal value? The user-id and machine id ... hasen't changed.

How about that?


"Torgeir Bakken (MVP)" wrote:

> M. Jennings wrote:
>
> > I'm wanting to understand the same issues. Many, many people lose their
> > encrypted files, partly because Microsoft's explanation is so poor.
> >
> > The web site you referenced is very poorly written and formatted.
> > Doesn't Micrososoft have anything better?
> Hi
>
> From http://www.beginningtoseethelight.org/efsrecovery/
>
> "02. microsoft have a recovery program (reccerts.exe) only
> available via payed support"
>
> reccerts.exe will do approximately the same job as the manual
> procedure described at that web page.
>
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.m...
>
Anonymous
a b 8 Security
March 19, 2005 1:31:53 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I works, putting back from the admin account with same account type and
password made the encrypted files available.

Since special, since that means that no key where actually recomputed
and-or building those keys doesn't invole a random activity.

That's a special one!

Thanks anyway.

Chears!



"NewComrMSNETFam" wrote:

> I have found the cause, now how do I solve that!
>
> Here it is: Using the admin account I have change the password of my non
> admin account. Now, knowing my old password can I revert by simply changing
> it back to orignal value? The user-id and machine id ... hasen't changed.
>
> How about that?
>
>
> "Torgeir Bakken (MVP)" wrote:
>
> > M. Jennings wrote:
> >
> > > I'm wanting to understand the same issues. Many, many people lose their
> > > encrypted files, partly because Microsoft's explanation is so poor.
> > >
> > > The web site you referenced is very poorly written and formatted.
> > > Doesn't Micrososoft have anything better?
> > Hi
> >
> > From http://www.beginningtoseethelight.org/efsrecovery/
> >
> > "02. microsoft have a recovery program (reccerts.exe) only
> > available via payed support"
> >
> > reccerts.exe will do approximately the same job as the manual
> > procedure described at that web page.
> >
> >
> >
> > --
> > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> > Administration scripting examples and an ONLINE version of
> > the 1328 page Scripting Guide:
> > http://www.microsoft.com/technet/scriptcenter/default.m...
> >
Anonymous
a b 8 Security
March 19, 2005 2:56:17 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"M. Jennings" <mjennings@-NOTthis-or-dashes-myrealbox.com> ha scritto nel
messaggio news:u1itFx$KFHA.2136@TK2MSFTNGP14.phx.gbl...
>
> The web site you referenced is very poorly written and formatted. Doesn't
> Micrososoft have anything better? I notice that that web site is mentioned
> a lot.
>

>> http://www.beginningtoseethelight.org/efsrecovery/
>>
It's not a Microsoft's site...!
And, more, what matters most? A fairly written website or a full of info
site?
Speaking of well formatted text, we *should* start writing on newsgroups in
*html* then...perhaps using emoticons...god bless us...

Stefano
Anonymous
a b 8 Security
March 19, 2005 3:07:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Here's a Microsoft site with information about EFS:

http://www.microsoft.com/technet/prodtechnol/winxppro/d...

Thanks.
Pat

"M. Jennings" wrote:

> I'm wanting to understand the same issues. Many, many people lose their
> encrypted files, partly because Microsoft's explanation is so poor.
>
> The web site you referenced is very poorly written and formatted. Doesn't
> Micrososoft have anything better? I notice that that web site is mentioned a lot.
>
> Thanks, Michael
>
> ___________________________
>
> Torgeir Bakken (MVP) wrote:
> > NewComrMSNETFam wrote:
> >
> >> Hi,
> >>
> >> Dont ask, I realy don't know but it look like that I cannot open my
> >> encrypted files.
> >> This is to say that the assicated user key of the account with the
> >> problem are misplaced or lost.
> >>
> >> Q1) If the key is not lost but missplaced, who can I locate it and
> >> place it back at the right place?
> >> Q2) If the key is lost, I have a data and system backup of my machine
> >> using the "Backup" program. How can I locate and extract from the
> >> backup the missing key?
> >
> > Hi
> >
> > If you can restore the user profile folders for the user that
> > encrypted the files and if you remember the password for the user
> > when the backup was taken, you might be able to save the files.
> >
> > Take a look at this site for more details:
> >
> > http://www.beginningtoseethelight.org/efsrecovery/
> >
> >
> >
> >
>
Anonymous
a b 8 Security
March 19, 2005 3:15:03 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Now that you can access your files again, it would be a good time to back up
your EFS certificate/key. If you have WXP with SP2 installed, run "cipher
/x" at a command line to create a .pfx file. Store that file on a floppy in
a safe place. If you ever need to recover files, just run or double-click
that .pfx file. It will automatically import your certificate/key to your
Personal Certificates store.

Thanks.
Pat

"NewComrMSNETFam" wrote:

> I works, putting back from the admin account with same account type and
> password made the encrypted files available.
>
> Since special, since that means that no key where actually recomputed
> and-or building those keys doesn't invole a random activity.
>
> That's a special one!
>
> Thanks anyway.
>
> Chears!
>
>
>
> "NewComrMSNETFam" wrote:
>
> > I have found the cause, now how do I solve that!
> >
> > Here it is: Using the admin account I have change the password of my non
> > admin account. Now, knowing my old password can I revert by simply changing
> > it back to orignal value? The user-id and machine id ... hasen't changed.
> >
> > How about that?
> >
> >
> > "Torgeir Bakken (MVP)" wrote:
> >
> > > M. Jennings wrote:
> > >
> > > > I'm wanting to understand the same issues. Many, many people lose their
> > > > encrypted files, partly because Microsoft's explanation is so poor.
> > > >
> > > > The web site you referenced is very poorly written and formatted.
> > > > Doesn't Micrososoft have anything better?
> > > Hi
> > >
> > > From http://www.beginningtoseethelight.org/efsrecovery/
> > >
> > > "02. microsoft have a recovery program (reccerts.exe) only
> > > available via payed support"
> > >
> > > reccerts.exe will do approximately the same job as the manual
> > > procedure described at that web page.
> > >
> > >
> > >
> > > --
> > > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> > > Administration scripting examples and an ONLINE version of
> > > the 1328 page Scripting Guide:
> > > http://www.microsoft.com/technet/scriptcenter/default.m...
> > >
Anonymous
a b 8 Security
March 19, 2005 9:14:47 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Pat,

Thanks for your reply.

If you read all of Microsoft's documentation carefully, you will find that the
explanation just is not there. There are plenty of "overviews" that cover the
same information.

Only if I can move the files between different accounts on different
stand-alone computers will I know I understand how EFS works. I have been
unable to do that.

I deleted my personal certificate, but the files in a test directory are still
automatically decrypted. This also shows that I don't understand EFS.

I need to be able to change my logon password without losing my encrypted files.

I don't understand why they say "Recovery Certificate", when supposedly the
Recovery Certificate does not include the private key. With no private key, it
is impossible to decrypt files.

Pat, do a search on EFS in the newsgroups. People are having a very difficult
time with encryption. They are losing files. It is easy to encrypt, and
difficult to know how the encryption works.

Two people have advised me to use non-Microsoft products. People are directing
other people to poorly written and formatted non-Microsoft web pages.

Part of the confusion is obvious from the fact that there are so many web
Microsoft web pages devoted to the same incomplete explanations. EFS is
different between Windows 2000 and Windows XP, but often the web pages refer
to both seemingly indiscriminately. Those who did the writing were confused
about the differences between EFS when connected to a domain, and EFS on a
stand-alone computer.

Michael

_________________________

Pat Hoffer [MSFT] wrote:
> Here's a Microsoft site with information about EFS:
>
> http://www.microsoft.com/technet/prodtechnol/winxppro/d...
>
> Thanks.
> Pat
>
> "M. Jennings" wrote:
>
>
>>I'm wanting to understand the same issues. Many, many people lose their
>>encrypted files, partly because Microsoft's explanation is so poor.
>>
>>The web site you referenced is very poorly written and formatted. Doesn't
>>Micrososoft have anything better? I notice that that web site is mentioned a lot.
>>
>>Thanks, Michael
>>
>>___________________________
>>
>>Torgeir Bakken (MVP) wrote:
>>
>>>NewComrMSNETFam wrote:
>>>
>>>
>>>>Hi,
>>>>
>>>>Dont ask, I realy don't know but it look like that I cannot open my
>>>>encrypted files.
>>>>This is to say that the assicated user key of the account with the
>>>>problem are misplaced or lost.
>>>>
>>>>Q1) If the key is not lost but missplaced, who can I locate it and
>>>>place it back at the right place?
>>>>Q2) If the key is lost, I have a data and system backup of my machine
>>>>using the "Backup" program. How can I locate and extract from the
>>>>backup the missing key?
>>>
>>>Hi
>>>
>>>If you can restore the user profile folders for the user that
>>>encrypted the files and if you remember the password for the user
>>>when the backup was taken, you might be able to save the files.
>>>
>>>Take a look at this site for more details:
>>>
>>>http://www.beginningtoseethelight.org/efsrecovery/
>>>
>>>
>>>
>>>
>>
Anonymous
a b 8 Security
March 19, 2005 9:14:48 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Yes, the data is very domain-oriented, theoretical, and lengthy (and needs to
be addressed). The KB articles tend to be more specific, so I thought those
might be helpful to look through. EFS was designed with a domain environment
in mind. Domains have the default EFS recovery policy (a File Recovery
certificate and key stored on the DC), that can be used to recover users'
encrypted files when issues arise. That is why there is so much
documentation in that direction.

The reality is that many non-domain users are using EFS, also. The best
"recovery policy" for non-domain users is to back up their EFS
certificates/keys. This has not been well-addressed in documentation, which
is why I keep promoting "cipher /x" on this newsgroup. (WS2003 actually
shipped with a backup UI for this.)

You said you can still decrypt your files even though you have deleted your
EFS certificate. EFS keeps your private key in cache until you log off. Try
logging off and then on again, and you should get access denied to those
files. As for moving encrypted files between standalone machines, EFS was
not designed in WinXP to do that. (Win2K was a different story.)

The "password change" issue was caused by another Windows component that
encrypts your EFS private key with your password to keep it secure. When you
log on and then access an encrypted file, this component decrypts your EFS
key (using your password) and hands it to EFS. In a domain environment, the
component had to be able to reach the DC to confirm that the new password is
correct before it can decrypt your key. This caused a problem for domain
users who were disconnected from their networks when they tried to access
encrypted files for the first time after a password change. This issue has
been fixed in the service packs for WinXP and in SP4 for Win2K.

The bottom line is that if you back up your EFS certificate/key, your bases
are covered. Do this: encrypt a new file (EFS will create a new certificate
since you've deleted the original), run "cipher /x" at command line to create
a .pfx file, delete your new EFS certificate, log off and on, try to open the
new file (you shouldn't), run or double-click the .pfx file to import the
certificate (select to make the key exportable), and try to open the new file
again (you should).

That's probably more than you ever wanted to know, but I hope it helps.
Thanks for your comments regarding the documentation. I'll pass that on.

Thanks.
Pat

"M. Jennings" wrote:

> Pat,
>
> Thanks for your reply.
>
> If you read all of Microsoft's documentation carefully, you will find that the
> explanation just is not there. There are plenty of "overviews" that cover the
> same information.
>
> Only if I can move the files between different accounts on different
> stand-alone computers will I know I understand how EFS works. I have been
> unable to do that.
>
> I deleted my personal certificate, but the files in a test directory are still
> automatically decrypted. This also shows that I don't understand EFS.
>
> I need to be able to change my logon password without losing my encrypted files.
>
> I don't understand why they say "Recovery Certificate", when supposedly the
> Recovery Certificate does not include the private key. With no private key, it
> is impossible to decrypt files.
>
> Pat, do a search on EFS in the newsgroups. People are having a very difficult
> time with encryption. They are losing files. It is easy to encrypt, and
> difficult to know how the encryption works.
>
> Two people have advised me to use non-Microsoft products. People are directing
> other people to poorly written and formatted non-Microsoft web pages.
>
> Part of the confusion is obvious from the fact that there are so many web
> Microsoft web pages devoted to the same incomplete explanations. EFS is
> different between Windows 2000 and Windows XP, but often the web pages refer
> to both seemingly indiscriminately. Those who did the writing were confused
> about the differences between EFS when connected to a domain, and EFS on a
> stand-alone computer.
>
> Michael
>
> _________________________
>
> Pat Hoffer [MSFT] wrote:
> > Here's a Microsoft site with information about EFS:
> >
> > http://www.microsoft.com/technet/prodtechnol/winxppro/d...
> >
> > Thanks.
> > Pat
> >
> > "M. Jennings" wrote:
> >
> >
> >>I'm wanting to understand the same issues. Many, many people lose their
> >>encrypted files, partly because Microsoft's explanation is so poor.
> >>
> >>The web site you referenced is very poorly written and formatted. Doesn't
> >>Micrososoft have anything better? I notice that that web site is mentioned a lot.
> >>
> >>Thanks, Michael
> >>
> >>___________________________
> >>
> >>Torgeir Bakken (MVP) wrote:
> >>
> >>>NewComrMSNETFam wrote:
> >>>
> >>>
> >>>>Hi,
> >>>>
> >>>>Dont ask, I realy don't know but it look like that I cannot open my
> >>>>encrypted files.
> >>>>This is to say that the assicated user key of the account with the
> >>>>problem are misplaced or lost.
> >>>>
> >>>>Q1) If the key is not lost but missplaced, who can I locate it and
> >>>>place it back at the right place?
> >>>>Q2) If the key is lost, I have a data and system backup of my machine
> >>>>using the "Backup" program. How can I locate and extract from the
> >>>>backup the missing key?
> >>>
> >>>Hi
> >>>
> >>>If you can restore the user profile folders for the user that
> >>>encrypted the files and if you remember the password for the user
> >>>when the backup was taken, you might be able to save the files.
> >>>
> >>>Take a look at this site for more details:
> >>>
> >>>http://www.beginningtoseethelight.org/efsrecovery/
> >>>
> >>>
> >>>
> >>>
> >>
>
Anonymous
a b 8 Security
March 20, 2005 12:01:32 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

No relation to the author of the page, but it is very well written and
informative - perhaps you should be contacting a PC technician instead of
trying to be a do-it-yourselfer, as a moderate amount of technical
understanding is required to troubleshoot issues such as these.

--
Star Fleet Admiral Q @ your service!
"Google is your Friend!"
www.google.com

***********************************************

"M. Jennings" <mjennings@-NOTthis-or-dashes-myrealbox.com> wrote in message
news:u1itFx$KFHA.2136@TK2MSFTNGP14.phx.gbl...
> I'm wanting to understand the same issues. Many, many people lose their
> encrypted files, partly because Microsoft's explanation is so poor.
>
> The web site you referenced is very poorly written and formatted. Doesn't
> Micrososoft have anything better? I notice that that web site is mentioned
a lot.
>
> Thanks, Michael
>
> ___________________________
>
> Torgeir Bakken (MVP) wrote:
> > NewComrMSNETFam wrote:
> >
> >> Hi,
> >>
> >> Dont ask, I realy don't know but it look like that I cannot open my
> >> encrypted files.
> >> This is to say that the assicated user key of the account with the
> >> problem are misplaced or lost.
> >>
> >> Q1) If the key is not lost but missplaced, who can I locate it and
> >> place it back at the right place?
> >> Q2) If the key is lost, I have a data and system backup of my machine
> >> using the "Backup" program. How can I locate and extract from the
> >> backup the missing key?
> >
> > Hi
> >
> > If you can restore the user profile folders for the user that
> > encrypted the files and if you remember the password for the user
> > when the backup was taken, you might be able to save the files.
> >
> > Take a look at this site for more details:
> >
> > http://www.beginningtoseethelight.org/efsrecovery/
> >
> >
> >
> >
Anonymous
a b 8 Security
March 20, 2005 12:25:03 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Pat,

First, I want to say that your reply is very, very much appreciated.

You said below: "As for moving encrypted files between standalone machines,
EFS was not designed in WinXP to do that. (Win2K was a different story.)"

Wow! There is nothing in the documentation that hints at this!

Do I understand you correctly? There is no way whatsoever to decrypt an EFS
encrypted file on a computer other than the one on which it was encrypted,
unless the computer is attached to a domain?

This means that the encrypted data is, basically, owned by Windows 2003?

Do I understand correctly that Microsoft made a change between EFS in Windows
2000 and EFS in Windows 2003/XP, without adequately notifying users?

You said, 'The reality is that many non-domain users are using EFS, also. The
best "recovery policy" for non-domain users is to back up their EFS
certificates/keys. This has not been well-addressed in documentation, which
is why I keep promoting "cipher /x" on this newsgroup.'

You also say below: "The bottom line is that if you back up your EFS
certificate/key, your bases are covered."

I don't understand how backing up my .PFX and .CER files helps me, if I cannot
use them on a different computer. What would happen if a user with a single
computer lost his or her computer because of theft? Would there be no way to
recover the information, even if he or she had backups?

I tried reading my EFS encrypted test data on a second computer with the same
account name and password, and it would not decrypt.

What about the computer on which I originally EFS encrypt is unique, so that I
cannot transport my encrypted data elsewhere? When is a backup of .CER and
..PFX files not a real backup for the data?

If I understand this correctly, it strikes me as cruel. I saw one newsgroup
posting in which a man said he had lost 11 years of research. EFS works in a
way that is counter-intuitive and not documented.

You said, "That's probably more than you ever wanted to know, but I hope it
helps."

It's not more than I wanted to know. It does help, a lot.

Michael


___________________

Pat Hoffer [MSFT] wrote:
> Yes, the data is very domain-oriented, theoretical, and lengthy (and needs to
> be addressed). The KB articles tend to be more specific, so I thought those
> might be helpful to look through. EFS was designed with a domain environment
> in mind. Domains have the default EFS recovery policy (a File Recovery
> certificate and key stored on the DC), that can be used to recover users'
> encrypted files when issues arise. That is why there is so much
> documentation in that direction.
>
> The reality is that many non-domain users are using EFS, also. The best
> "recovery policy" for non-domain users is to back up their EFS
> certificates/keys. This has not been well-addressed in documentation, which
> is why I keep promoting "cipher /x" on this newsgroup. (WS2003 actually
> shipped with a backup UI for this.)
>
> You said you can still decrypt your files even though you have deleted your
> EFS certificate. EFS keeps your private key in cache until you log off. Try
> logging off and then on again, and you should get access denied to those
> files. As for moving encrypted files between standalone machines, EFS was
> not designed in WinXP to do that. (Win2K was a different story.)
>
> The "password change" issue was caused by another Windows component that
> encrypts your EFS private key with your password to keep it secure. When you
> log on and then access an encrypted file, this component decrypts your EFS
> key (using your password) and hands it to EFS. In a domain environment, the
> component had to be able to reach the DC to confirm that the new password is
> correct before it can decrypt your key. This caused a problem for domain
> users who were disconnected from their networks when they tried to access
> encrypted files for the first time after a password change. This issue has
> been fixed in the service packs for WinXP and in SP4 for Win2K.
>
> The bottom line is that if you back up your EFS certificate/key, your bases
> are covered. Do this: encrypt a new file (EFS will create a new certificate
> since you've deleted the original), run "cipher /x" at command line to create
> a .pfx file, delete your new EFS certificate, log off and on, try to open the
> new file (you shouldn't), run or double-click the .pfx file to import the
> certificate (select to make the key exportable), and try to open the new file
> again (you should).
>
> That's probably more than you ever wanted to know, but I hope it helps.
> Thanks for your comments regarding the documentation. I'll pass that on.
>
> Thanks.
> Pat
>
> "M. Jennings" wrote:
>
>
>>Pat,
>>
>>Thanks for your reply.
>>
>>If you read all of Microsoft's documentation carefully, you will find that the
>>explanation just is not there. There are plenty of "overviews" that cover the
>>same information.
>>
>>Only if I can move the files between different accounts on different
>>stand-alone computers will I know I understand how EFS works. I have been
>>unable to do that.
>>
>>I deleted my personal certificate, but the files in a test directory are still
>>automatically decrypted. This also shows that I don't understand EFS.
>>
>>I need to be able to change my logon password without losing my encrypted files.
>>
>>I don't understand why they say "Recovery Certificate", when supposedly the
>>Recovery Certificate does not include the private key. With no private key, it
>>is impossible to decrypt files.
>>
>>Pat, do a search on EFS in the newsgroups. People are having a very difficult
>>time with encryption. They are losing files. It is easy to encrypt, and
>>difficult to know how the encryption works.
>>
>>Two people have advised me to use non-Microsoft products. People are directing
>>other people to poorly written and formatted non-Microsoft web pages.
>>
>>Part of the confusion is obvious from the fact that there are so many web
>>Microsoft web pages devoted to the same incomplete explanations. EFS is
>>different between Windows 2000 and Windows XP, but often the web pages refer
>>to both seemingly indiscriminately. Those who did the writing were confused
>>about the differences between EFS when connected to a domain, and EFS on a
>>stand-alone computer.
>>
>>Michael
>>
>>_________________________
>>
>>Pat Hoffer [MSFT] wrote:
>>
>>>Here's a Microsoft site with information about EFS:
>>>
>>>http://www.microsoft.com/technet/prodtechnol/winxppro/d...
>>>
>>>Thanks.
>>>Pat
>>>
>>>"M. Jennings" wrote:
>>>
>>>
>>>
>>>>I'm wanting to understand the same issues. Many, many people lose their
>>>>encrypted files, partly because Microsoft's explanation is so poor.
>>>>
>>>>The web site you referenced is very poorly written and formatted. Doesn't
>>>>Micrososoft have anything better? I notice that that web site is mentioned a lot.
>>>>
>>>>Thanks, Michael
>>>>
>>>>___________________________
>>>>
>>>>Torgeir Bakken (MVP) wrote:
>>>>
>>>>
>>>>>NewComrMSNETFam wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Hi,
>>>>>>
>>>>>>Dont ask, I realy don't know but it look like that I cannot open my
>>>>>>encrypted files.
>>>>>>This is to say that the assicated user key of the account with the
>>>>>>problem are misplaced or lost.
>>>>>>
>>>>>>Q1) If the key is not lost but missplaced, who can I locate it and
>>>>>>place it back at the right place?
>>>>>>Q2) If the key is lost, I have a data and system backup of my machine
>>>>>>using the "Backup" program. How can I locate and extract from the
>>>>>>backup the missing key?
>>>>>
>>>>>Hi
>>>>>
>>>>>If you can restore the user profile folders for the user that
>>>>>encrypted the files and if you remember the password for the user
>>>>>when the backup was taken, you might be able to save the files.
>>>>>
>>>>>Take a look at this site for more details:
>>>>>
>>>>>http://www.beginningtoseethelight.org/efsrecovery/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
Anonymous
a b 8 Security
March 20, 2005 12:25:31 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Pat,

First, I want to say that your reply is very, very much appreciated.

You said below: "As for moving encrypted files between standalone machines,
EFS was not designed in WinXP to do that. (Win2K was a different story.)"

Wow! There is nothing in the documentation that hints at this!

Do I understand you correctly? There is no way whatsoever to decrypt an EFS
encrypted file on a computer other than the one on which it was encrypted,
unless the computer is attached to a domain?

This means that the encrypted data is, basically, owned by Windows 2003?

Do I understand correctly that Microsoft made a change between EFS in Windows
2000 and EFS in Windows 2003/XP, without adequately notifying users?

You said, 'The reality is that many non-domain users are using EFS, also. The
best "recovery policy" for non-domain users is to back up their EFS
certificates/keys. This has not been well-addressed in documentation, which
is why I keep promoting "cipher /x" on this newsgroup.'

You also say below: "The bottom line is that if you back up your EFS
certificate/key, your bases are covered."

I don't understand how backing up my .PFX and .CER files helps me, if I cannot
use them on a different computer. What would happen if a user with a single
computer lost his or her computer because of theft? Would there be no way to
recover the information, even if he or she had backups?

I tried reading my EFS encrypted test data on a second computer with the same
account name and password, and it would not decrypt.

What about the computer on which I originally EFS encrypt is unique, so that I
cannot transport my encrypted data elsewhere? When is a backup of .CER and
..PFX files not a real backup for the data?

If I understand this correctly, it strikes me as cruel. I saw one newsgroup
posting in which a man said he had lost 11 years of research. EFS works in a
way that is counter-intuitive and not documented.

You said, "That's probably more than you ever wanted to know, but I hope it
helps."

It's not more than I wanted to know. It does help, a lot.

Michael


___________________

Pat Hoffer [MSFT] wrote:
> Yes, the data is very domain-oriented, theoretical, and lengthy (and needs to
> be addressed). The KB articles tend to be more specific, so I thought those
> might be helpful to look through. EFS was designed with a domain environment
> in mind. Domains have the default EFS recovery policy (a File Recovery
> certificate and key stored on the DC), that can be used to recover users'
> encrypted files when issues arise. That is why there is so much
> documentation in that direction.
>
> The reality is that many non-domain users are using EFS, also. The best
> "recovery policy" for non-domain users is to back up their EFS
> certificates/keys. This has not been well-addressed in documentation, which
> is why I keep promoting "cipher /x" on this newsgroup. (WS2003 actually
> shipped with a backup UI for this.)
>
> You said you can still decrypt your files even though you have deleted your
> EFS certificate. EFS keeps your private key in cache until you log off. Try
> logging off and then on again, and you should get access denied to those
> files. As for moving encrypted files between standalone machines, EFS was
> not designed in WinXP to do that. (Win2K was a different story.)
>
> The "password change" issue was caused by another Windows component that
> encrypts your EFS private key with your password to keep it secure. When you
> log on and then access an encrypted file, this component decrypts your EFS
> key (using your password) and hands it to EFS. In a domain environment, the
> component had to be able to reach the DC to confirm that the new password is
> correct before it can decrypt your key. This caused a problem for domain
> users who were disconnected from their networks when they tried to access
> encrypted files for the first time after a password change. This issue has
> been fixed in the service packs for WinXP and in SP4 for Win2K.
>
> The bottom line is that if you back up your EFS certificate/key, your bases
> are covered. Do this: encrypt a new file (EFS will create a new certificate
> since you've deleted the original), run "cipher /x" at command line to create
> a .pfx file, delete your new EFS certificate, log off and on, try to open the
> new file (you shouldn't), run or double-click the .pfx file to import the
> certificate (select to make the key exportable), and try to open the new file
> again (you should).
>
> That's probably more than you ever wanted to know, but I hope it helps.
> Thanks for your comments regarding the documentation. I'll pass that on.
>
> Thanks.
> Pat
>
> "M. Jennings" wrote:
>
>
>>Pat,
>>
>>Thanks for your reply.
>>
>>If you read all of Microsoft's documentation carefully, you will find that the
>>explanation just is not there. There are plenty of "overviews" that cover the
>>same information.
>>
>>Only if I can move the files between different accounts on different
>>stand-alone computers will I know I understand how EFS works. I have been
>>unable to do that.
>>
>>I deleted my personal certificate, but the files in a test directory are still
>>automatically decrypted. This also shows that I don't understand EFS.
>>
>>I need to be able to change my logon password without losing my encrypted files.
>>
>>I don't understand why they say "Recovery Certificate", when supposedly the
>>Recovery Certificate does not include the private key. With no private key, it
>>is impossible to decrypt files.
>>
>>Pat, do a search on EFS in the newsgroups. People are having a very difficult
>>time with encryption. They are losing files. It is easy to encrypt, and
>>difficult to know how the encryption works.
>>
>>Two people have advised me to use non-Microsoft products. People are directing
>>other people to poorly written and formatted non-Microsoft web pages.
>>
>>Part of the confusion is obvious from the fact that there are so many web
>>Microsoft web pages devoted to the same incomplete explanations. EFS is
>>different between Windows 2000 and Windows XP, but often the web pages refer
>>to both seemingly indiscriminately. Those who did the writing were confused
>>about the differences between EFS when connected to a domain, and EFS on a
>>stand-alone computer.
>>
>>Michael
>>
>>_________________________
>>
>>Pat Hoffer [MSFT] wrote:
>>
>>>Here's a Microsoft site with information about EFS:
>>>
>>>http://www.microsoft.com/technet/prodtechnol/winxppro/d...
>>>
>>>Thanks.
>>>Pat
>>>
>>>"M. Jennings" wrote:
>>>
>>>
>>>
>>>>I'm wanting to understand the same issues. Many, many people lose their
>>>>encrypted files, partly because Microsoft's explanation is so poor.
>>>>
>>>>The web site you referenced is very poorly written and formatted. Doesn't
>>>>Micrososoft have anything better? I notice that that web site is mentioned a lot.
>>>>
>>>>Thanks, Michael
>>>>
>>>>___________________________
>>>>
>>>>Torgeir Bakken (MVP) wrote:
>>>>
>>>>
>>>>>NewComrMSNETFam wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Hi,
>>>>>>
>>>>>>Dont ask, I realy don't know but it look like that I cannot open my
>>>>>>encrypted files.
>>>>>>This is to say that the assicated user key of the account with the
>>>>>>problem are misplaced or lost.
>>>>>>
>>>>>>Q1) If the key is not lost but missplaced, who can I locate it and
>>>>>>place it back at the right place?
>>>>>>Q2) If the key is lost, I have a data and system backup of my machine
>>>>>>using the "Backup" program. How can I locate and extract from the
>>>>>>backup the missing key?
>>>>>
>>>>>Hi
>>>>>
>>>>>If you can restore the user profile folders for the user that
>>>>>encrypted the files and if you remember the password for the user
>>>>>when the backup was taken, you might be able to save the files.
>>>>>
>>>>>Take a look at this site for more details:
>>>>>
>>>>>http://www.beginningtoseethelight.org/efsrecovery/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
Anonymous
a b 8 Security
March 20, 2005 12:25:47 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Pat,

First, I want to say that your reply is very, very much appreciated.

You said below: "As for moving encrypted files between standalone machines,
EFS was not designed in WinXP to do that. (Win2K was a different story.)"

Wow! There is nothing in the documentation that hints at this!

Do I understand you correctly? There is no way whatsoever to decrypt an EFS
encrypted file on a computer other than the one on which it was encrypted,
unless the computer is attached to a domain?

This means that the encrypted data is, basically, owned by Windows 2003?

Do I understand correctly that Microsoft made a change between EFS in Windows
2000 and EFS in Windows 2003/XP, without adequately notifying users?

You said, 'The reality is that many non-domain users are using EFS, also. The
best "recovery policy" for non-domain users is to back up their EFS
certificates/keys. This has not been well-addressed in documentation, which
is why I keep promoting "cipher /x" on this newsgroup.'

You also say below: "The bottom line is that if you back up your EFS
certificate/key, your bases are covered."

I don't understand how backing up my .PFX and .CER files helps me, if I cannot
use them on a different computer. What would happen if a user with a single
computer lost his or her computer because of theft? Would there be no way to
recover the information, even if he or she had backups?

I tried reading my EFS encrypted test data on a second computer with the same
account name and password, and it would not decrypt.

What about the computer on which I originally EFS encrypt is unique, so that I
cannot transport my encrypted data elsewhere? When is a backup of .CER and
..PFX files not a real backup for the data?

If I understand this correctly, it strikes me as cruel. I saw one newsgroup
posting in which a man said he had lost 11 years of research. EFS works in a
way that is counter-intuitive and not documented.

You said, "That's probably more than you ever wanted to know, but I hope it
helps."

It's not more than I wanted to know. It does help, a lot.

Michael


___________________

Pat Hoffer [MSFT] wrote:
> Yes, the data is very domain-oriented, theoretical, and lengthy (and needs to
> be addressed). The KB articles tend to be more specific, so I thought those
> might be helpful to look through. EFS was designed with a domain environment
> in mind. Domains have the default EFS recovery policy (a File Recovery
> certificate and key stored on the DC), that can be used to recover users'
> encrypted files when issues arise. That is why there is so much
> documentation in that direction.
>
> The reality is that many non-domain users are using EFS, also. The best
> "recovery policy" for non-domain users is to back up their EFS
> certificates/keys. This has not been well-addressed in documentation, which
> is why I keep promoting "cipher /x" on this newsgroup. (WS2003 actually
> shipped with a backup UI for this.)
>
> You said you can still decrypt your files even though you have deleted your
> EFS certificate. EFS keeps your private key in cache until you log off. Try
> logging off and then on again, and you should get access denied to those
> files. As for moving encrypted files between standalone machines, EFS was
> not designed in WinXP to do that. (Win2K was a different story.)
>
> The "password change" issue was caused by another Windows component that
> encrypts your EFS private key with your password to keep it secure. When you
> log on and then access an encrypted file, this component decrypts your EFS
> key (using your password) and hands it to EFS. In a domain environment, the
> component had to be able to reach the DC to confirm that the new password is
> correct before it can decrypt your key. This caused a problem for domain
> users who were disconnected from their networks when they tried to access
> encrypted files for the first time after a password change. This issue has
> been fixed in the service packs for WinXP and in SP4 for Win2K.
>
> The bottom line is that if you back up your EFS certificate/key, your bases
> are covered. Do this: encrypt a new file (EFS will create a new certificate
> since you've deleted the original), run "cipher /x" at command line to create
> a .pfx file, delete your new EFS certificate, log off and on, try to open the
> new file (you shouldn't), run or double-click the .pfx file to import the
> certificate (select to make the key exportable), and try to open the new file
> again (you should).
>
> That's probably more than you ever wanted to know, but I hope it helps.
> Thanks for your comments regarding the documentation. I'll pass that on.
>
> Thanks.
> Pat
>
> "M. Jennings" wrote:
>
>
>>Pat,
>>
>>Thanks for your reply.
>>
>>If you read all of Microsoft's documentation carefully, you will find that the
>>explanation just is not there. There are plenty of "overviews" that cover the
>>same information.
>>
>>Only if I can move the files between different accounts on different
>>stand-alone computers will I know I understand how EFS works. I have been
>>unable to do that.
>>
>>I deleted my personal certificate, but the files in a test directory are still
>>automatically decrypted. This also shows that I don't understand EFS.
>>
>>I need to be able to change my logon password without losing my encrypted files.
>>
>>I don't understand why they say "Recovery Certificate", when supposedly the
>>Recovery Certificate does not include the private key. With no private key, it
>>is impossible to decrypt files.
>>
>>Pat, do a search on EFS in the newsgroups. People are having a very difficult
>>time with encryption. They are losing files. It is easy to encrypt, and
>>difficult to know how the encryption works.
>>
>>Two people have advised me to use non-Microsoft products. People are directing
>>other people to poorly written and formatted non-Microsoft web pages.
>>
>>Part of the confusion is obvious from the fact that there are so many web
>>Microsoft web pages devoted to the same incomplete explanations. EFS is
>>different between Windows 2000 and Windows XP, but often the web pages refer
>>to both seemingly indiscriminately. Those who did the writing were confused
>>about the differences between EFS when connected to a domain, and EFS on a
>>stand-alone computer.
>>
>>Michael
>>
>>_________________________
>>
>>Pat Hoffer [MSFT] wrote:
>>
>>>Here's a Microsoft site with information about EFS:
>>>
>>>http://www.microsoft.com/technet/prodtechnol/winxppro/d...
>>>
>>>Thanks.
>>>Pat
>>>
>>>"M. Jennings" wrote:
>>>
>>>
>>>
>>>>I'm wanting to understand the same issues. Many, many people lose their
>>>>encrypted files, partly because Microsoft's explanation is so poor.
>>>>
>>>>The web site you referenced is very poorly written and formatted. Doesn't
>>>>Micrososoft have anything better? I notice that that web site is mentioned a lot.
>>>>
>>>>Thanks, Michael
>>>>
>>>>___________________________
>>>>
>>>>Torgeir Bakken (MVP) wrote:
>>>>
>>>>
>>>>>NewComrMSNETFam wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Hi,
>>>>>>
>>>>>>Dont ask, I realy don't know but it look like that I cannot open my
>>>>>>encrypted files.
>>>>>>This is to say that the assicated user key of the account with the
>>>>>>problem are misplaced or lost.
>>>>>>
>>>>>>Q1) If the key is not lost but missplaced, who can I locate it and
>>>>>>place it back at the right place?
>>>>>>Q2) If the key is lost, I have a data and system backup of my machine
>>>>>>using the "Backup" program. How can I locate and extract from the
>>>>>>backup the missing key?
>>>>>
>>>>>Hi
>>>>>
>>>>>If you can restore the user profile folders for the user that
>>>>>encrypted the files and if you remember the password for the user
>>>>>when the backup was taken, you might be able to save the files.
>>>>>
>>>>>Take a look at this site for more details:
>>>>>
>>>>>http://www.beginningtoseethelight.org/efsrecovery/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
Anonymous
a b 8 Security
March 20, 2005 8:56:12 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Pat,

My newsreader software failed, and posted three copies of my previous message.

The EFS question: In numerous places, readers are told that they can recover
encrypted files if they have the .PFX file. Sometimes they are told that only
a .CER file (apparently with no private key) is sufficient for recovery. Yet
you seem to indicate below that is not true, and my tests show it is not true.
My tests show that I cannot read files from an account with the same user name
and the same user name password on another computer. Encrypted data seems to
be tied to Windows and a particular Windows installation. Users seem to be
losing control of their data in a way they would never accept if they understood.

What then is the minimum required to recover encrypted files? I need an
understanding and step-by-step instructions so I can do it myself. The
instructions cannot involve a domain, since there are numerous instances in
which someone traveling may need to recover data without involvement with a
home office, particularly in less-developed foreign countries.

Thank you,

Michael

__________________________

Pat Hoffer [MSFT] wrote:
> Yes, the data is very domain-oriented, theoretical, and lengthy (and needs to
> be addressed). The KB articles tend to be more specific, so I thought those
> might be helpful to look through. EFS was designed with a domain environment
> in mind. Domains have the default EFS recovery policy (a File Recovery
> certificate and key stored on the DC), that can be used to recover users'
> encrypted files when issues arise. That is why there is so much
> documentation in that direction.
>
> The reality is that many non-domain users are using EFS, also. The best
> "recovery policy" for non-domain users is to back up their EFS
> certificates/keys. This has not been well-addressed in documentation, which
> is why I keep promoting "cipher /x" on this newsgroup. (WS2003 actually
> shipped with a backup UI for this.)
>
> You said you can still decrypt your files even though you have deleted your
> EFS certificate. EFS keeps your private key in cache until you log off. Try
> logging off and then on again, and you should get access denied to those
> files. As for moving encrypted files between standalone machines, EFS was
> not designed in WinXP to do that. (Win2K was a different story.)
>
> The "password change" issue was caused by another Windows component that
> encrypts your EFS private key with your password to keep it secure. When you
> log on and then access an encrypted file, this component decrypts your EFS
> key (using your password) and hands it to EFS. In a domain environment, the
> component had to be able to reach the DC to confirm that the new password is
> correct before it can decrypt your key. This caused a problem for domain
> users who were disconnected from their networks when they tried to access
> encrypted files for the first time after a password change. This issue has
> been fixed in the service packs for WinXP and in SP4 for Win2K.
>
> The bottom line is that if you back up your EFS certificate/key, your bases
> are covered. Do this: encrypt a new file (EFS will create a new certificate
> since you've deleted the original), run "cipher /x" at command line to create
> a .pfx file, delete your new EFS certificate, log off and on, try to open the
> new file (you shouldn't), run or double-click the .pfx file to import the
> certificate (select to make the key exportable), and try to open the new file
> again (you should).
>
> That's probably more than you ever wanted to know, but I hope it helps.
> Thanks for your comments regarding the documentation. I'll pass that on.
>
> Thanks.
> Pat
>
> "M. Jennings" wrote:
>
>
>>Pat,
>>
>>Thanks for your reply.
>>
>>If you read all of Microsoft's documentation carefully, you will find that the
>>explanation just is not there. There are plenty of "overviews" that cover the
>>same information.
>>
>>Only if I can move the files between different accounts on different
>>stand-alone computers will I know I understand how EFS works. I have been
>>unable to do that.
>>
>>I deleted my personal certificate, but the files in a test directory are still
>>automatically decrypted. This also shows that I don't understand EFS.
>>
>>I need to be able to change my logon password without losing my encrypted files.
>>
>>I don't understand why they say "Recovery Certificate", when supposedly the
>>Recovery Certificate does not include the private key. With no private key, it
>>is impossible to decrypt files.
>>
>>Pat, do a search on EFS in the newsgroups. People are having a very difficult
>>time with encryption. They are losing files. It is easy to encrypt, and
>>difficult to know how the encryption works.
>>
>>Two people have advised me to use non-Microsoft products. People are directing
>>other people to poorly written and formatted non-Microsoft web pages.
>>
>>Part of the confusion is obvious from the fact that there are so many web
>>Microsoft web pages devoted to the same incomplete explanations. EFS is
>>different between Windows 2000 and Windows XP, but often the web pages refer
>>to both seemingly indiscriminately. Those who did the writing were confused
>>about the differences between EFS when connected to a domain, and EFS on a
>>stand-alone computer.
>>
>>Michael
>>
>>_________________________
>>
>>Pat Hoffer [MSFT] wrote:
>>
>>>Here's a Microsoft site with information about EFS:
>>>
>>>http://www.microsoft.com/technet/prodtechnol/winxppro/d...
>>>
>>>Thanks.
>>>Pat
>>>
>>>"M. Jennings" wrote:
>>>
>>>
>>>
>>>>I'm wanting to understand the same issues. Many, many people lose their
>>>>encrypted files, partly because Microsoft's explanation is so poor.
>>>>
>>>>The web site you referenced is very poorly written and formatted. Doesn't
>>>>Micrososoft have anything better? I notice that that web site is mentioned a lot.
>>>>
>>>>Thanks, Michael
>>>>
>>>>___________________________
>>>>
>>>>Torgeir Bakken (MVP) wrote:
>>>>
>>>>
>>>>>NewComrMSNETFam wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Hi,
>>>>>>
>>>>>>Dont ask, I realy don't know but it look like that I cannot open my
>>>>>>encrypted files.
>>>>>>This is to say that the assicated user key of the account with the
>>>>>>problem are misplaced or lost.
>>>>>>
>>>>>>Q1) If the key is not lost but missplaced, who can I locate it and
>>>>>>place it back at the right place?
>>>>>>Q2) If the key is lost, I have a data and system backup of my machine
>>>>>>using the "Backup" program. How can I locate and extract from the
>>>>>>backup the missing key?
>>>>>
>>>>>Hi
>>>>>
>>>>>If you can restore the user profile folders for the user that
>>>>>encrypted the files and if you remember the password for the user
>>>>>when the backup was taken, you might be able to save the files.
>>>>>
>>>>>Take a look at this site for more details:
>>>>>
>>>>>http://www.beginningtoseethelight.org/efsrecovery/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
!