Recovering Encrypted File on WIndows XP workstation

Archived from groups: microsoft.public.win2000.security (More info?)

I have a user that encrypted a file on the desktop and the user acct has been
deleted off the server. The user no longer works here and I need to recover
the file. I have exported the administrator file recovery certificate and
imported it on the workstation in question. However it does not let me
decrypt the file. I dont have a PKI or CA setup on the domain. I have looked
for articles on the web but what I have read is not working. From what I read
I should be able to log on to the workstation as the domain admin and decrypt
the file but nothing is working. Is there any way to recover the file? any
help would be greatly appreciated!!

Thanks
Chad
2 answers Last reply
More about recovering encrypted file windows workstation
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Let us assume that the XP was joined to the domain when the
    file was encrypted, and that we are speaking of a file encrypted
    by EFS.

    Just what is it that you exported when you
    "exported the administrator file recovery certificate"
    You should have a pfx file that you used for the import that
    contained both the EFS cert and the private key, and when
    you were exporting it you should have seen that it had stated
    use for EFS data recovery. You need the private key to be
    able to decrypt - the cert is for encrypting.

    One thing you could instead do, here stated in the safest form,
    is to use NTbackup at the XP to package up the encrypted file,
    and then unpack this (restore) onto a machine where you can
    log in with the DRA (the account where you exported the EFS
    recovery cert).

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Chad Guiney" <ChadGuiney@discussions.microsoft.com> wrote in message
    news:4E019A44-C020-460F-AC8F-A817A4BFB072@microsoft.com...
    > I have a user that encrypted a file on the desktop and the user acct has
    been
    > deleted off the server. The user no longer works here and I need to
    recover
    > the file. I have exported the administrator file recovery certificate and
    > imported it on the workstation in question. However it does not let me
    > decrypt the file. I dont have a PKI or CA setup on the domain. I have
    looked
    > for articles on the web but what I have read is not working. From what I
    read
    > I should be able to log on to the workstation as the domain admin and
    decrypt
    > the file but nothing is working. Is there any way to recover the file? any
    > help would be greatly appreciated!!
    >
    > Thanks
    > Chad
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Windows XP does not require a recovery agent for EFS but it can use one if
    Group Policy was configured for such for that computer. Use the efsinfo tool
    to see if the file has a recovery agent that can decrypt it and who it is.
    Note that when you export a recovery certificate you must also export the
    private key to a password protected .pfx file to import for recovering. If
    you can restore the user account via an Active Directory authoritative
    restore [just for that account] from a System State backup less than sixty
    days old you might be able to reset that user's domain password, logon as
    that user and decrypt the file. The link below explains efsinfo. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb;en-us;243026 --- use
    efsinfo /r /c

    "Chad Guiney" <ChadGuiney@discussions.microsoft.com> wrote in message
    news:4E019A44-C020-460F-AC8F-A817A4BFB072@microsoft.com...
    >I have a user that encrypted a file on the desktop and the user acct has
    >been
    > deleted off the server. The user no longer works here and I need to
    > recover
    > the file. I have exported the administrator file recovery certificate and
    > imported it on the workstation in question. However it does not let me
    > decrypt the file. I dont have a PKI or CA setup on the domain. I have
    > looked
    > for articles on the web but what I have read is not working. From what I
    > read
    > I should be able to log on to the workstation as the domain admin and
    > decrypt
    > the file but nothing is working. Is there any way to recover the file? any
    > help would be greatly appreciated!!
    >
    > Thanks
    > Chad
Ask a new question

Read More

Workstations Windows XP Windows