Archived from groups: microsoft.public.windowsxp.general (
More info?)
koby wrote:
> I used MS Windows XP backup/restore utility. What is ASR?
>
> Also,
>
> My problem is a currpotion of the MBR (Master boot record). Is there is a
> way to boot the machine using cd/USB device (no floppy) and get what we want?
>
> Thanks
>
>
> "Rock" wrote:
>
>
>>koby wrote:
>>
>>
>>>Thanks !!
>>>
>>>Since I backed up my entire harddisk I presume that also the personal
>>>encryption certificate (with its associated private key) and the recovery
>>>agent certificate were backed up. Where can I find them?
>>>
>>>If I would restore the the hardisk using MS backup/restore tool will it work?
>>>
>>
>>I'm not sure about this. The only way possible is if the backup you
>>made was done using the ASR wizard which saves the system state and
>>everything on the C: drive. However to restore using ASR, one boots
>>with the Windows CD, then at one point chooses the ASR option. It then
>>installs a fresh copy of XP, then restores the data from the ASR backup.
>> If the ASR restore does not overwrite the newly created SID with the
>>old one, then you're out of luck. I have never tried this but it might
>>work to allow access to the encrypted files. The bottom line is XP's
>>EFS is data loss waiting to happen.
>>
>>Best practices for the Encrypting File System
>>http://support.microsoft.com/?id=223316
>>
>>How to back up the recovery agent Encrypting File System (EFS) private
>>key in Windows Server 2003, in Windows 2000, and in Windows XP
>>http://support.microsoft.com/?id=241201
>>
>>How to add an EFS recovery agent in Windows XP Professional
>>http://support.microsoft.com/?id=887414
>>
>>--
>>Rock
>>MS MVP Windows - Shell/User
>>
>>
ASR stands for Automated System Recovery. It is one of the options in
Ntbackup. In addition to the backup data file ASR creates a floppy disk
that is needed during the ASR recovery. In my previous post I wrote
that an ASR recovery might allow you to view the encrypted files. What
I meant to say was it might not. And the only way you can even try that
is if you had made an ASR backup. Since you don't know what ASR means
this suggests to me you didn't use the ASR wizard in ntbackup.
Sounds like the only thing that is going to be able to recover your
files is if you can repair the MBR to make the disk bootable. You must
boot into XP from that disk and login to the account where the
encryption was applied to either decrypt the files or create a recovery
agent and export the certificate and key. The other option would be to
clone the disk onto another drive with a working mbr, and see if that
will boot.
You might want to talk with one of the drive data recovery specialty
groups such as www.ontrack.com or www.drivesavers.com.
--
Rock
MS MVP Windows - Shell/User