Sign in with
Sign up | Sign in
Your question
Closed

Unable to Decrypt Files Previously Encrypted with same cer..

Last response: in Windows XP
Share
Anonymous
June 27, 2005 1:08:29 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in message
news:04E2CC54-CD5D-4AE9-BABE-5CFF001D652C@microsoft.com...
>I am unable to open or decrypt files that I previously encrypted. Can
>anyone
> offer any insight?

You don't give us enough information. Has your password for your user
account been changed? Did you reinstall Windows? Have there been any changes
to your system?

Kerry
Anonymous
June 27, 2005 1:19:04 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

The password for the user account has been recently changed. Password
expires every 30 days and must be changed. If this is the cause, how can I
solve?

"Kerry Brown" wrote:

> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in message
> news:04E2CC54-CD5D-4AE9-BABE-5CFF001D652C@microsoft.com...
> >I am unable to open or decrypt files that I previously encrypted. Can
> >anyone
> > offer any insight?
>
> You don't give us enough information. Has your password for your user
> account been changed? Did you reinstall Windows? Have there been any changes
> to your system?
>
> Kerry
>
>
>
Related resources
June 27, 2005 1:49:30 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

DeltaBankUser wrote:

> The password for the user account has been recently changed. Password
> expires every 30 days and must be changed. If this is the cause, how can I
> solve?
>
> "Kerry Brown" wrote:
>
>
>>"DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in message
>>news:04E2CC54-CD5D-4AE9-BABE-5CFF001D652C@microsoft.com...
>>
>>>I am unable to open or decrypt files that I previously encrypted. Can
>>>anyone
>>>offer any insight?
>>
>>You don't give us enough information. Has your password for your user
>>account been changed? Did you reinstall Windows? Have there been any changes
>>to your system?
>>
>>Kerry

Suggest you don't use XP's EFS. There are so many ways it can bite you,
and the protection is minimal.


--
Rock
MS MVP Windows - Shell/User
Anonymous
June 27, 2005 2:01:59 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in message
news:E2E6B8F6-42DF-4ECE-9689-CC621F5E2755@microsoft.com...
> The password for the user account has been recently changed. Password
> expires every 30 days and must be changed. If this is the cause, how can
> I
> solve?
>
> "Kerry Brown" wrote:
>
>> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in
>> message
>> news:04E2CC54-CD5D-4AE9-BABE-5CFF001D652C@microsoft.com...
>> >I am unable to open or decrypt files that I previously encrypted. Can
>> >anyone
>> > offer any insight?
>>
>> You don't give us enough information. Has your password for your user
>> account been changed? Did you reinstall Windows? Have there been any
>> changes
>> to your system?
>>
>> Kerry
>>
>>
>>

Try changing the password back. If you are in a domain you may have to get
an administrator to temporarily change the policy if you cannot change it
back. Do not allow the password to be changed other than by the user. Check
out the cipher command for updating the keys. Also check to see if there is
a default recovery agent set up. The following link is an overview of EFS.
It is a complicated service with many pitfalls to snag the unwary.

http://www.microsoft.com/resources/documentation/Window...

Kerry
Anonymous
June 27, 2005 3:03:02 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

How useless is this comment?
I have obviously already been bitten by XP's EFS and have no intention of
using again.

"Rock" wrote:

> DeltaBankUser wrote:
>
> > The password for the user account has been recently changed. Password
> > expires every 30 days and must be changed. If this is the cause, how can I
> > solve?
> >
> > "Kerry Brown" wrote:
> >
> >
> >>"DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in message
> >>news:04E2CC54-CD5D-4AE9-BABE-5CFF001D652C@microsoft.com...
> >>
> >>>I am unable to open or decrypt files that I previously encrypted. Can
> >>>anyone
> >>>offer any insight?
> >>
> >>You don't give us enough information. Has your password for your user
> >>account been changed? Did you reinstall Windows? Have there been any changes
> >>to your system?
> >>
> >>Kerry
>
> Suggest you don't use XP's EFS. There are so many ways it can bite you,
> and the protection is minimal.
>
>
> --
> Rock
> MS MVP Windows - Shell/User
>
>
Anonymous
June 27, 2005 3:16:02 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Great idea. Unfortunately, I do not remember my previous password. I do not
(as I should not) keep records of passwords.

Any other suggestions?

"Kerry Brown" wrote:

> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in message
> news:E2E6B8F6-42DF-4ECE-9689-CC621F5E2755@microsoft.com...
> > The password for the user account has been recently changed. Password
> > expires every 30 days and must be changed. If this is the cause, how can
> > I
> > solve?
> >
> > "Kerry Brown" wrote:
> >
> >> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in
> >> message
> >> news:04E2CC54-CD5D-4AE9-BABE-5CFF001D652C@microsoft.com...
> >> >I am unable to open or decrypt files that I previously encrypted. Can
> >> >anyone
> >> > offer any insight?
> >>
> >> You don't give us enough information. Has your password for your user
> >> account been changed? Did you reinstall Windows? Have there been any
> >> changes
> >> to your system?
> >>
> >> Kerry
> >>
> >>
> >>
>
> Try changing the password back. If you are in a domain you may have to get
> an administrator to temporarily change the policy if you cannot change it
> back. Do not allow the password to be changed other than by the user. Check
> out the cipher command for updating the keys. Also check to see if there is
> a default recovery agent set up. The following link is an overview of EFS.
> It is a complicated service with many pitfalls to snag the unwary.
>
> http://www.microsoft.com/resources/documentation/Window...
>
> Kerry
>
>
>
Anonymous
June 27, 2005 3:29:15 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in message
news:3FBEDADC-52B3-4096-A39D-187ED9C644CB@microsoft.com...
> Great idea. Unfortunately, I do not remember my previous password. I do
> not
> (as I should not) keep records of passwords.
>
> Any other suggestions?
>

There were a couple of suggestions in my last post. EFS is complicated.
Without knowing exactly what was done no one will be able to give you step
by step instructions. If your data is important, read through the link. See
if anything there applies to you. In particular look to see if there is a
default recovery agent in place. If you are in a domain talk to the domain
admins. If this doesn't help then you will have to take the PC to a local
expert to see if anything can be recovered. It is doubtful at this point.

Kerry

> "Kerry Brown" wrote:
>
>> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in
>> message
>> news:E2E6B8F6-42DF-4ECE-9689-CC621F5E2755@microsoft.com...
>> > The password for the user account has been recently changed. Password
>> > expires every 30 days and must be changed. If this is the cause, how
>> > can
>> > I
>> > solve?
>> >
>> > "Kerry Brown" wrote:
>> >
>> >> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in
>> >> message
>> >> news:04E2CC54-CD5D-4AE9-BABE-5CFF001D652C@microsoft.com...
>> >> >I am unable to open or decrypt files that I previously encrypted. Can
>> >> >anyone
>> >> > offer any insight?
>> >>
>> >> You don't give us enough information. Has your password for your user
>> >> account been changed? Did you reinstall Windows? Have there been any
>> >> changes
>> >> to your system?
>> >>
>> >> Kerry
>> >>
>> >>
>> >>
>>
>> Try changing the password back. If you are in a domain you may have to
>> get
>> an administrator to temporarily change the policy if you cannot change it
>> back. Do not allow the password to be changed other than by the user.
>> Check
>> out the cipher command for updating the keys. Also check to see if there
>> is
>> a default recovery agent set up. The following link is an overview of
>> EFS.
>> It is a complicated service with many pitfalls to snag the unwary.
>>
>> http://www.microsoft.com/resources/documentation/Window...
>>
>> Kerry
>>
>>
>>
June 27, 2005 4:01:25 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

DeltaBankUser wrote:

> How useless is this comment?
> I have obviously already been bitten by XP's EFS and have no intention of
> using again.
>
> "Rock" wrote:

Use it for what you want. I didn't know if your intention was to figure
out a way to continue using EFS or to abandon it. If the former then my
comment was to help you make the decision not to. You've decided the
later which is good.

Good luck to you.

--
Rock
MS MVP Windows - Shell/User
Anonymous
June 28, 2005 12:25:15 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Mon, 27 Jun 2005 08:37:05 -0700, "DeltaBankUser"
<DeltaBankUser@discussions.microsoft.com> wrote:

>I am unable to open or decrypt files that I previously encrypted. Can anyone
>offer any insight?

Welcome to the world of EFS. If this was your home computer, what
state level secrets were you protecting at home? Surely there was an
easier way to hide your porno collection?
Anonymous
June 28, 2005 12:28:49 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

What local expert will be able to break the encryption...unless your
local expert is an NSA agent who can take the hard drive to work with
him/her? Even with that, decryption is not a given.

On Mon, 27 Jun 2005 11:29:15 -0700, "Kerry Brown"
<kerry@kdbNOSPAMsys-tems.c*a*m> wrote:

>"DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in message
>news:3FBEDADC-52B3-4096-A39D-187ED9C644CB@microsoft.com...
>> Great idea. Unfortunately, I do not remember my previous password. I do
>> not
>> (as I should not) keep records of passwords.
>>
>> Any other suggestions?
>>
>
>There were a couple of suggestions in my last post. EFS is complicated.
>Without knowing exactly what was done no one will be able to give you step
>by step instructions. If your data is important, read through the link. See
>if anything there applies to you. In particular look to see if there is a
>default recovery agent in place. If you are in a domain talk to the domain
>admins. If this doesn't help then you will have to take the PC to a local
>expert to see if anything can be recovered. It is doubtful at this point.
>
>Kerry
>
>> "Kerry Brown" wrote:
>>
>>> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in
>>> message
>>> news:E2E6B8F6-42DF-4ECE-9689-CC621F5E2755@microsoft.com...
>>> > The password for the user account has been recently changed. Password
>>> > expires every 30 days and must be changed. If this is the cause, how
>>> > can
>>> > I
>>> > solve?
>>> >
>>> > "Kerry Brown" wrote:
>>> >
>>> >> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in
>>> >> message
>>> >> news:04E2CC54-CD5D-4AE9-BABE-5CFF001D652C@microsoft.com...
>>> >> >I am unable to open or decrypt files that I previously encrypted. Can
>>> >> >anyone
>>> >> > offer any insight?
>>> >>
>>> >> You don't give us enough information. Has your password for your user
>>> >> account been changed? Did you reinstall Windows? Have there been any
>>> >> changes
>>> >> to your system?
>>> >>
>>> >> Kerry
>>> >>
>>> >>
>>> >>
>>>
>>> Try changing the password back. If you are in a domain you may have to
>>> get
>>> an administrator to temporarily change the policy if you cannot change it
>>> back. Do not allow the password to be changed other than by the user.
>>> Check
>>> out the cipher command for updating the keys. Also check to see if there
>>> is
>>> a default recovery agent set up. The following link is an overview of
>>> EFS.
>>> It is a complicated service with many pitfalls to snag the unwary.
>>>
>>> http://www.microsoft.com/resources/documentation/Window...
>>>
>>> Kerry
>>>
>>>
>>>
>
Anonymous
June 28, 2005 12:28:50 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"NobodyMan" <none@none.net> wrote in message
news:cc61c15q3ljln70ebhi4isajmfsgqmtapt@4ax.com...
> What local expert will be able to break the encryption...unless your
> local expert is an NSA agent who can take the hard drive to work with
> him/her? Even with that, decryption is not a given.
>

Did I say anywhere a local expert would be able to break the encryption? It
is possible given the OP's answers that the certificate and key may be
recoverable. If the certificate is recoverable it is quite easy to decrypt
the files. EFS gets a bad rap on this news group. Many people have to use it
because of policies put in place by their employer or the government. It
would be nice if people were warned first but MS in their wisdom decided not
to warn people to back up the key before allowing encryption to happen. Just
because the key is lost doesn't mean it can't be found.

Kerry

> On Mon, 27 Jun 2005 11:29:15 -0700, "Kerry Brown"
> <kerry@kdbNOSPAMsys-tems.c*a*m> wrote:
>
>>"DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in message
>>news:3FBEDADC-52B3-4096-A39D-187ED9C644CB@microsoft.com...
>>> Great idea. Unfortunately, I do not remember my previous password. I
>>> do
>>> not
>>> (as I should not) keep records of passwords.
>>>
>>> Any other suggestions?
>>>
>>
>>There were a couple of suggestions in my last post. EFS is complicated.
>>Without knowing exactly what was done no one will be able to give you step
>>by step instructions. If your data is important, read through the link.
>>See
>>if anything there applies to you. In particular look to see if there is a
>>default recovery agent in place. If you are in a domain talk to the domain
>>admins. If this doesn't help then you will have to take the PC to a local
>>expert to see if anything can be recovered. It is doubtful at this point.
>>
>>Kerry
>>
>>> "Kerry Brown" wrote:
>>>
>>>> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in
>>>> message
>>>> news:E2E6B8F6-42DF-4ECE-9689-CC621F5E2755@microsoft.com...
>>>> > The password for the user account has been recently changed.
>>>> > Password
>>>> > expires every 30 days and must be changed. If this is the cause, how
>>>> > can
>>>> > I
>>>> > solve?
>>>> >
>>>> > "Kerry Brown" wrote:
>>>> >
>>>> >> "DeltaBankUser" <DeltaBankUser@discussions.microsoft.com> wrote in
>>>> >> message
>>>> >> news:04E2CC54-CD5D-4AE9-BABE-5CFF001D652C@microsoft.com...
>>>> >> >I am unable to open or decrypt files that I previously encrypted.
>>>> >> >Can
>>>> >> >anyone
>>>> >> > offer any insight?
>>>> >>
>>>> >> You don't give us enough information. Has your password for your
>>>> >> user
>>>> >> account been changed? Did you reinstall Windows? Have there been any
>>>> >> changes
>>>> >> to your system?
>>>> >>
>>>> >> Kerry
>>>> >>
>>>> >>
>>>> >>
>>>>
>>>> Try changing the password back. If you are in a domain you may have to
>>>> get
>>>> an administrator to temporarily change the policy if you cannot change
>>>> it
>>>> back. Do not allow the password to be changed other than by the user.
>>>> Check
>>>> out the cipher command for updating the keys. Also check to see if
>>>> there
>>>> is
>>>> a default recovery agent set up. The following link is an overview of
>>>> EFS.
>>>> It is a complicated service with many pitfalls to snag the unwary.
>>>>
>>>> http://www.microsoft.com/resources/documentation/Window...
>>>>
>>>> Kerry
>>>>
>>>>
>>>>
>>
>
>
Anonymous
June 29, 2005 2:57:20 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Mon, 27 Jun 2005 17:40:21 -0700, "Kerry Brown"
<kerry@kdbNOSPAMsys-tems.c*a*m> wrote:

>> What local expert will be able to break the encryption...unless your
>> local expert is an NSA agent who can take the hard drive to work with
>> him/her? Even with that, decryption is not a given.
>>
>
>Did I say anywhere a local expert would be able to break the encryption? It
>is possible given the OP's answers that the certificate and key may be
>recoverable. If the certificate is recoverable it is quite easy to decrypt
>the files. EFS gets a bad rap on this news group. Many people have to use it
>because of policies put in place by their employer or the government. It
>would be nice if people were warned first but MS in their wisdom decided not
>to warn people to back up the key before allowing encryption to happen. Just
>because the key is lost doesn't mean it can't be found.
>
>Kerry

You said this:

"If this doesn't help then you will have to take the PC to a local
expert to see if anything can be recovered. It is doubtful at this
point."

That sentence STRONGLY implied that a local expert might be able to
break the encryption. You never specifed retrieving the encryption
certificates or keys.
Anonymous
June 29, 2005 2:57:21 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"NobodyMan" <none@none.net> wrote in message
news:eg34c152tgfiuo4sfcfue4mb4k9tcckvhk@4ax.com...
> On Mon, 27 Jun 2005 17:40:21 -0700, "Kerry Brown"
> <kerry@kdbNOSPAMsys-tems.c*a*m> wrote:
>
>>> What local expert will be able to break the encryption...unless your
>>> local expert is an NSA agent who can take the hard drive to work with
>>> him/her? Even with that, decryption is not a given.
>>>
>>
>>Did I say anywhere a local expert would be able to break the encryption?
>>It
>>is possible given the OP's answers that the certificate and key may be
>>recoverable. If the certificate is recoverable it is quite easy to decrypt
>>the files. EFS gets a bad rap on this news group. Many people have to use
>>it
>>because of policies put in place by their employer or the government. It
>>would be nice if people were warned first but MS in their wisdom decided
>>not
>>to warn people to back up the key before allowing encryption to happen.
>>Just
>>because the key is lost doesn't mean it can't be found.
>>
>>Kerry
>
> You said this:
>
> "If this doesn't help then you will have to take the PC to a local
> expert to see if anything can be recovered. It is doubtful at this
> point."
>
> That sentence STRONGLY implied that a local expert might be able to
> break the encryption. You never specifed retrieving the encryption
> certificates or keys.
>

You may have read that into it but it was not implied. It's stupid arguing
over semantics. If you actually read my post I also said that it was
doubtful that anything could be recovered. From your posts it's obvious you
don't like Microsoft and particulary don't like the way they implemented
EFS. Don't let this stand in the way of helping someone who has a problem. I
don't really like the way EFS is implemented either but it exists, it works
if you do everything right. If you do something wrong you will lose your
data. This is true of most encryption, otherwise it would be too easy for
the wrong person to decrypt the file. The only thing really wrong with EFS
is the documentation and the fact that there are no warnings before it's
use.

Kerry
Anonymous
June 29, 2005 3:38:21 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

To quote from page 496 of "Microsoft Windows XP Inside out" by Ed Bott
& Carl Siechert 2001 Microsoft Press (Publisher) ISBN 0-7356-1382-6

" If you copy (an encrypted file) to a FAT volume (including floppy
disks) or to an NTFS volume on a computer that is running Windows NT,
the file becomes decrypted "

I haven't tried it because I do not use EFS but you may as well try it.
It may even work with a FAT32 formatted HDD.
Anonymous
June 29, 2005 10:36:13 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"GreenieLeBrun" <GreenieLeBrun@hotmail.com> wrote in message
news:1120027101.439546.98630@g43g2000cwa.googlegroups.com...
> To quote from page 496 of "Microsoft Windows XP Inside out" by Ed Bott
> & Carl Siechert 2001 Microsoft Press (Publisher) ISBN 0-7356-1382-6
>
> " If you copy (an encrypted file) to a FAT volume (including floppy
> disks) or to an NTFS volume on a computer that is running Windows NT,
> the file becomes decrypted "
>
> I haven't tried it because I do not use EFS but you may as well try it.
> It may even work with a FAT32 formatted HDD.
>

This only works if you can decrypt the file in the first place. In this case
it wouldn't work.

Kerry
Anonymous
June 30, 2005 12:33:29 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Tue, 28 Jun 2005 21:35:28 -0700, "Kerry Brown"
<kerry@kdbNOSPAMsys-tems.c*a*m> wrote:

>
>"NobodyMan" <none@none.net> wrote in message
>news:eg34c152tgfiuo4sfcfue4mb4k9tcckvhk@4ax.com...
>> On Mon, 27 Jun 2005 17:40:21 -0700, "Kerry Brown"
>> <kerry@kdbNOSPAMsys-tems.c*a*m> wrote:
>>
>>>> What local expert will be able to break the encryption...unless your
>>>> local expert is an NSA agent who can take the hard drive to work with
>>>> him/her? Even with that, decryption is not a given.
>>>>
>>>
>>>Did I say anywhere a local expert would be able to break the encryption?
>>>It
>>>is possible given the OP's answers that the certificate and key may be
>>>recoverable. If the certificate is recoverable it is quite easy to decrypt
>>>the files. EFS gets a bad rap on this news group. Many people have to use
>>>it
>>>because of policies put in place by their employer or the government. It
>>>would be nice if people were warned first but MS in their wisdom decided
>>>not
>>>to warn people to back up the key before allowing encryption to happen.
>>>Just
>>>because the key is lost doesn't mean it can't be found.
>>>
>>>Kerry
>>
>> You said this:
>>
>> "If this doesn't help then you will have to take the PC to a local
>> expert to see if anything can be recovered. It is doubtful at this
>> point."
>>
>> That sentence STRONGLY implied that a local expert might be able to
>> break the encryption. You never specifed retrieving the encryption
>> certificates or keys.
>>
>
>You may have read that into it but it was not implied. It's stupid arguing
>over semantics. If you actually read my post I also said that it was
>doubtful that anything could be recovered. From your posts it's obvious you
>don't like Microsoft and particulary don't like the way they implemented
>EFS. Don't let this stand in the way of helping someone who has a problem. I
>don't really like the way EFS is implemented either but it exists, it works
>if you do everything right. If you do something wrong you will lose your
>data. This is true of most encryption, otherwise it would be too easy for
>the wrong person to decrypt the file. The only thing really wrong with EFS
>is the documentation and the fact that there are no warnings before it's
>use.
>
>Kerry
>
It's not that I don't like, or dislike, MS or the policies. That is
irrelevant. I have used MS OSs for years and let's face it, for PC
desktops, it's the Gold Standard.

What I really don't like is even making EFS an option. IMO, it should
be an add-on you can acquire. It is strong encryption, but it is also
weak, as it is only as strong as the user account password which
protects it - which, for a HUGE majority of home users, means anybody
can access their files since most don't even bother with passwords.
Those that use them don't use very strong ones.

It also has no real purpose on a huge majority of household PCs. This
is DOD (IOW, governmental) level encryption. What state secrets are
all these people protecting? Let's face it, there are so many easier
ways to hide porn collections!
Anonymous
June 30, 2005 12:33:30 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"NobodyMan" <none@none.net> wrote in message
news:p 6f6c1tqdhghtmfdsi04lvvrcj7crv172d@4ax.com...
> On Tue, 28 Jun 2005 21:35:28 -0700, "Kerry Brown"
> <kerry@kdbNOSPAMsys-tems.c*a*m> wrote:
>
>>
>>"NobodyMan" <none@none.net> wrote in message
>>news:eg34c152tgfiuo4sfcfue4mb4k9tcckvhk@4ax.com...
>>> On Mon, 27 Jun 2005 17:40:21 -0700, "Kerry Brown"
>>> <kerry@kdbNOSPAMsys-tems.c*a*m> wrote:
>>>
>>>>> What local expert will be able to break the encryption...unless your
>>>>> local expert is an NSA agent who can take the hard drive to work with
>>>>> him/her? Even with that, decryption is not a given.
>>>>>
>>>>
>>>>Did I say anywhere a local expert would be able to break the encryption?
>>>>It
>>>>is possible given the OP's answers that the certificate and key may be
>>>>recoverable. If the certificate is recoverable it is quite easy to
>>>>decrypt
>>>>the files. EFS gets a bad rap on this news group. Many people have to
>>>>use
>>>>it
>>>>because of policies put in place by their employer or the government. It
>>>>would be nice if people were warned first but MS in their wisdom decided
>>>>not
>>>>to warn people to back up the key before allowing encryption to happen.
>>>>Just
>>>>because the key is lost doesn't mean it can't be found.
>>>>
>>>>Kerry
>>>
>>> You said this:
>>>
>>> "If this doesn't help then you will have to take the PC to a local
>>> expert to see if anything can be recovered. It is doubtful at this
>>> point."
>>>
>>> That sentence STRONGLY implied that a local expert might be able to
>>> break the encryption. You never specifed retrieving the encryption
>>> certificates or keys.
>>>
>>
>>You may have read that into it but it was not implied. It's stupid arguing
>>over semantics. If you actually read my post I also said that it was
>>doubtful that anything could be recovered. From your posts it's obvious
>>you
>>don't like Microsoft and particulary don't like the way they implemented
>>EFS. Don't let this stand in the way of helping someone who has a problem.
>>I
>>don't really like the way EFS is implemented either but it exists, it
>>works
>>if you do everything right. If you do something wrong you will lose your
>>data. This is true of most encryption, otherwise it would be too easy for
>>the wrong person to decrypt the file. The only thing really wrong with EFS
>>is the documentation and the fact that there are no warnings before it's
>>use.
>>
>>Kerry
>>
> It's not that I don't like, or dislike, MS or the policies. That is
> irrelevant. I have used MS OSs for years and let's face it, for PC
> desktops, it's the Gold Standard.
>
> What I really don't like is even making EFS an option. IMO, it should
> be an add-on you can acquire. It is strong encryption, but it is also
> weak, as it is only as strong as the user account password which
> protects it - which, for a HUGE majority of home users, means anybody
> can access their files since most don't even bother with passwords.
> Those that use them don't use very strong ones.
>
> It also has no real purpose on a huge majority of household PCs. This
> is DOD (IOW, governmental) level encryption. What state secrets are
> all these people protecting? Let's face it, there are so many easier
> ways to hide porn collections!
>
>

I just realised I had you mixed up with someone with a similar handle from a
different newsgroup. I guess I'm getting senile :-)

Many people do need encryption. Anyone who contracts or works for the
government may be required to use it. Many corporations require encryption
of sensitive files. It's not available in XP Home which is what most home
users are using. It also won't work for an account with no password. Any
encryption scheme is susceptible to lost keys. It's the nature of the beast.
You are probably right in that it should be something you have to install.
At the very least there should be a mandatory readme explaining the
pitfalls.

Kerry
!