Sign in with
Sign up | Sign in
Your question

Recovery of Encrypted files. help!

Last response: in Windows XP
Share
Anonymous
July 14, 2005 7:24:06 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hi

I backed up my entire c disk (without my sygwin files ...), including some
encrypted files. It is restore time. I managed to restore the non-encrypted
docs on another machine. But I cant open the encrypted files.

(1) Can I restore my them on another machine?
(2) Can I restore them on the origimal machine if I reformat the disk and
re=install windows?
(3) Are there any key-files which I can use to see the files?

Thanks
Anonymous
July 14, 2005 7:42:01 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

By the way. I cant read any of the links except

Encrypting File System in Windows XP
http://www.microsoft.com/technet/prodtechnol/winxppro/d...

Thanks, Koby

"koby" wrote:

> Hi
>
> I backed up my entire c disk (without my sygwin files ...), including some
> encrypted files. It is restore time. I managed to restore the non-encrypted
> docs on another machine. But I cant open the encrypted files.
>
> (1) Can I restore my them on another machine?
> (2) Can I restore them on the origimal machine if I reformat the disk and
> re=install windows?
> (3) Are there any key-files which I can use to see the files?
>
> Thanks
Anonymous
July 14, 2005 9:32:21 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Before encrypting anything important, you should back up your
personal encryption certificate (with its associated private key)
and the recovery agent certificate to a floppy disk and store it in
a secure location. If you ever lose your original certificate
(because of a hard disk failure, for example), you can restore
the backup copy and regain access to your files. If you lose all
copies of your certificate (and no recovery agent certificates exist),
you won't be able to use your encrypted files. No back door exists,
nor is there any practical way to hack these files.
(If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/prodtechnol/winxppro/d...

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/window...

-------------------------------------------------------------------------------------------

"koby" wrote:

| Hi
|
| I backed up my entire c disk (without my sygwin files ...), including some
| encrypted files. It is restore time. I managed to restore the non-encrypted
| docs on another machine. But I cant open the encrypted files.
|
| (1) Can I restore my them on another machine?
| (2) Can I restore them on the origimal machine if I reformat the disk and
| re=install windows?
| (3) Are there any key-files which I can use to see the files?
|
| Thanks
Related resources
Anonymous
July 14, 2005 9:32:22 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Thanks !!

Since I backed up my entire harddisk I presume that also the personal
encryption certificate (with its associated private key) and the recovery
agent certificate were backed up. Where can I find them?

If I would restore the the hardisk using MS backup/restore tool will it work?



"Carey Frisch [MVP]" wrote:

> Before encrypting anything important, you should back up your
> personal encryption certificate (with its associated private key)
> and the recovery agent certificate to a floppy disk and store it in
> a secure location. If you ever lose your original certificate
> (because of a hard disk failure, for example), you can restore
> the backup copy and regain access to your files. If you lose all
> copies of your certificate (and no recovery agent certificates exist),
> you won't be able to use your encrypted files. No back door exists,
> nor is there any practical way to hack these files.
> (If there were, it wouldn't be very good encryption.)
>
> HOW TO: Remove File Encryption in Windows XP
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993
>
> Without a backup of the original Encryption Certificate Key, encrypted files
> are unrecoverable as they will stay encrypted forever. There is no recovery
> method since the encryption algorithm is now completely different with a
> reinstall of Windows XP.
>
> See if the following articles help in any way:
>
> HOW TO: Take Ownership of a File or Folder in Windows XP
> http://support.microsoft.com/default.aspx?scid=kb;en-us;308421
>
> Best Practices for the Encrypting File System
> http://support.microsoft.com/default.aspx?scid=kb;en-us;223316
>
> Encrypting File System in Windows XP
> http://www.microsoft.com/technet/prodtechnol/winxppro/d...
>
> EFS Files Appear Corrupted When You Open Them
> http://support.microsoft.com/default.aspx?scid=kb;en-us;329741
>
> --
> Carey Frisch
> Microsoft MVP
> Windows XP - Shell/User
> Microsoft Newsgroups
>
> Get Windows XP Service Pack 2 with Advanced Security Technologies:
> http://www.microsoft.com/athome/security/protect/window...
>
> -------------------------------------------------------------------------------------------
>
> "koby" wrote:
>
> | Hi
> |
> | I backed up my entire c disk (without my sygwin files ...), including some
> | encrypted files. It is restore time. I managed to restore the non-encrypted
> | docs on another machine. But I cant open the encrypted files.
> |
> | (1) Can I restore my them on another machine?
> | (2) Can I restore them on the origimal machine if I reformat the disk and
> | re=install windows?
> | (3) Are there any key-files which I can use to see the files?
> |
> | Thanks
>
July 14, 2005 9:57:19 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

koby wrote:

Answers inline:

> Hi
>
> I backed up my entire c disk (without my sygwin files ...), including some
> encrypted files. It is restore time. I managed to restore the non-encrypted
> docs on another machine. But I cant open the encrypted files.
>
> (1) Can I restore my them on another machine?

Only if you saved the encryption certificate and key.

> (2) Can I restore them on the origimal machine if I reformat the disk and
> re=install windows?

Same answer as #1. A reinstall creates a new user account with a
different SID, even if the account name is the same. The encryption was
based on the original account's SID. Without the backup copies of the
encryption certificate, it won't work.

> (3) Are there any key-files which I can use to see the files?

No.

> Thanks



--
Rock
MS MVP Windows - Shell/User
July 14, 2005 10:03:41 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

koby wrote:

> Thanks !!
>
> Since I backed up my entire harddisk I presume that also the personal
> encryption certificate (with its associated private key) and the recovery
> agent certificate were backed up. Where can I find them?
>
> If I would restore the the hardisk using MS backup/restore tool will it work?
>

I'm not sure about this. The only way possible is if the backup you
made was done using the ASR wizard which saves the system state and
everything on the C: drive. However to restore using ASR, one boots
with the Windows CD, then at one point chooses the ASR option. It then
installs a fresh copy of XP, then restores the data from the ASR backup.
If the ASR restore does not overwrite the newly created SID with the
old one, then you're out of luck. I have never tried this but it might
work to allow access to the encrypted files. The bottom line is XP's
EFS is data loss waiting to happen.

Best practices for the Encrypting File System
http://support.microsoft.com/?id=223316

How to back up the recovery agent Encrypting File System (EFS) private
key in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/?id=241201

How to add an EFS recovery agent in Windows XP Professional
http://support.microsoft.com/?id=887414

--
Rock
MS MVP Windows - Shell/User
Anonymous
July 14, 2005 11:45:06 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I used MS Windows XP backup/restore utility. What is ASR?

Also,

My problem is a currpotion of the MBR (Master boot record). Is there is a
way to boot the machine using cd/USB device (no floppy) and get what we want?

Thanks


"Rock" wrote:

> koby wrote:
>
> > Thanks !!
> >
> > Since I backed up my entire harddisk I presume that also the personal
> > encryption certificate (with its associated private key) and the recovery
> > agent certificate were backed up. Where can I find them?
> >
> > If I would restore the the hardisk using MS backup/restore tool will it work?
> >
>
> I'm not sure about this. The only way possible is if the backup you
> made was done using the ASR wizard which saves the system state and
> everything on the C: drive. However to restore using ASR, one boots
> with the Windows CD, then at one point chooses the ASR option. It then
> installs a fresh copy of XP, then restores the data from the ASR backup.
> If the ASR restore does not overwrite the newly created SID with the
> old one, then you're out of luck. I have never tried this but it might
> work to allow access to the encrypted files. The bottom line is XP's
> EFS is data loss waiting to happen.
>
> Best practices for the Encrypting File System
> http://support.microsoft.com/?id=223316
>
> How to back up the recovery agent Encrypting File System (EFS) private
> key in Windows Server 2003, in Windows 2000, and in Windows XP
> http://support.microsoft.com/?id=241201
>
> How to add an EFS recovery agent in Windows XP Professional
> http://support.microsoft.com/?id=887414
>
> --
> Rock
> MS MVP Windows - Shell/User
>
>
Anonymous
July 14, 2005 11:46:02 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Where the SID is saved? In Documents and Settings/<account>
or in another place?

Thanks

"Rock" wrote:

> koby wrote:
>
> Answers inline:
>
> > Hi
> >
> > I backed up my entire c disk (without my sygwin files ...), including some
> > encrypted files. It is restore time. I managed to restore the non-encrypted
> > docs on another machine. But I cant open the encrypted files.
> >
> > (1) Can I restore my them on another machine?
>
> Only if you saved the encryption certificate and key.
>
> > (2) Can I restore them on the origimal machine if I reformat the disk and
> > re=install windows?
>
> Same answer as #1. A reinstall creates a new user account with a
> different SID, even if the account name is the same. The encryption was
> based on the original account's SID. Without the backup copies of the
> encryption certificate, it won't work.
>
> > (3) Are there any key-files which I can use to see the files?
>
> No.
>
> > Thanks
>
>
>
> --
> Rock
> MS MVP Windows - Shell/User
>
>
July 15, 2005 1:23:24 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

koby wrote:
> Where the SID is saved? In Documents and Settings/<account>
> or in another place?
>
> Thanks
>
> "Rock" wrote:
>
>
>>koby wrote:
>>
>>Answers inline:
>>
>>
>>>Hi
>>>
>>>I backed up my entire c disk (without my sygwin files ...), including some
>>>encrypted files. It is restore time. I managed to restore the non-encrypted
>>>docs on another machine. But I cant open the encrypted files.
>>>
>>>(1) Can I restore my them on another machine?
>>
>>Only if you saved the encryption certificate and key.
>>
>>
>>>(2) Can I restore them on the origimal machine if I reformat the disk and
>>>re=install windows?
>>
>>Same answer as #1. A reinstall creates a new user account with a
>>different SID, even if the account name is the same. The encryption was
>>based on the original account's SID. Without the backup copies of the
>>encryption certificate, it won't work.
>>
>>
>>>(3) Are there any key-files which I can use to see the files?
>>
>>No.
>>
>>
>>>Thanks
>>
>>
>>
>>--
>>Rock
>>MS MVP Windows - Shell/User
>>
>>

The SID is in the registry, but you can't migrate it to a new install
and and then decrypt files encrypted under the original account.

--
Rock
MS MVP Windows - Shell/User
July 15, 2005 1:27:42 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

koby wrote:

> I used MS Windows XP backup/restore utility. What is ASR?
>
> Also,
>
> My problem is a currpotion of the MBR (Master boot record). Is there is a
> way to boot the machine using cd/USB device (no floppy) and get what we want?
>
> Thanks
>
>
> "Rock" wrote:
>
>
>>koby wrote:
>>
>>
>>>Thanks !!
>>>
>>>Since I backed up my entire harddisk I presume that also the personal
>>>encryption certificate (with its associated private key) and the recovery
>>>agent certificate were backed up. Where can I find them?
>>>
>>>If I would restore the the hardisk using MS backup/restore tool will it work?
>>>
>>
>>I'm not sure about this. The only way possible is if the backup you
>>made was done using the ASR wizard which saves the system state and
>>everything on the C: drive. However to restore using ASR, one boots
>>with the Windows CD, then at one point chooses the ASR option. It then
>>installs a fresh copy of XP, then restores the data from the ASR backup.
>> If the ASR restore does not overwrite the newly created SID with the
>>old one, then you're out of luck. I have never tried this but it might
>>work to allow access to the encrypted files. The bottom line is XP's
>>EFS is data loss waiting to happen.
>>
>>Best practices for the Encrypting File System
>>http://support.microsoft.com/?id=223316
>>
>>How to back up the recovery agent Encrypting File System (EFS) private
>>key in Windows Server 2003, in Windows 2000, and in Windows XP
>>http://support.microsoft.com/?id=241201
>>
>>How to add an EFS recovery agent in Windows XP Professional
>>http://support.microsoft.com/?id=887414
>>
>>--
>>Rock
>>MS MVP Windows - Shell/User
>>
>>

ASR stands for Automated System Recovery. It is one of the options in
Ntbackup. In addition to the backup data file ASR creates a floppy disk
that is needed during the ASR recovery. In my previous post I wrote
that an ASR recovery might allow you to view the encrypted files. What
I meant to say was it might not. And the only way you can even try that
is if you had made an ASR backup. Since you don't know what ASR means
this suggests to me you didn't use the ASR wizard in ntbackup.

Sounds like the only thing that is going to be able to recover your
files is if you can repair the MBR to make the disk bootable. You must
boot into XP from that disk and login to the account where the
encryption was applied to either decrypt the files or create a recovery
agent and export the certificate and key. The other option would be to
clone the disk onto another drive with a working mbr, and see if that
will boot.

You might want to talk with one of the drive data recovery specialty
groups such as www.ontrack.com or www.drivesavers.com.

--
Rock
MS MVP Windows - Shell/User
Anonymous
July 15, 2005 2:52:02 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

>
> ASR stands for Automated System Recovery. It is one of the options in
> Ntbackup. In addition to the backup data file ASR creates a floppy disk
> that is needed during the ASR recovery. In my previous post I wrote
> that an ASR recovery might allow you to view the encrypted files. What
> I meant to say was it might not. And the only way you can even try that
> is if you had made an ASR backup. Since you don't know what ASR means
> this suggests to me you didn't use the ASR wizard in ntbackup.
>
> Sounds like the only thing that is going to be able to recover your
> files is if you can repair the MBR to make the disk bootable.

How do I do this?

> You must
> boot into XP from that disk and login to the account where the
> encryption was applied

How do I do that?

> to either decrypt the files or create a recovery
> agent and export the certificate and key. The other option would be to
> clone the disk onto another drive with a working mbr, and see if that
> will boot.

What is cloning? How do I do that?

>
> You might want to talk with one of the drive data recovery specialty
> groups such as www.ontrack.com or www.drivesavers.com.

Thanks !

>
> --
> Rock
> MS MVP Windows - Shell/User
>
>
Anonymous
July 15, 2005 2:54:03 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

>
> The SID is in the registry, but you can't migrate it to a new install
> and and then decrypt files encrypted under the original account.
>

So, it will not be a good idea to reformat the hard dist, install win xp and
then do a restore. I must use my current installation.

Koby
July 15, 2005 4:25:35 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

koby wrote:

>>The SID is in the registry, but you can't migrate it to a new install
>>and and then decrypt files encrypted under the original account.
>>
>
>
> So, it will not be a good idea to reformat the hard dist, install win xp and
> then do a restore. I must use my current installation.
>
> Koby
>

If you do that you will loose access to the encrypted files. So if you
don't want to, then that would not be a good idea.

--
Rock
MS MVP Windows - Shell/User
July 15, 2005 4:28:07 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

koby wrote:

>>ASR stands for Automated System Recovery. It is one of the options in
>>Ntbackup. In addition to the backup data file ASR creates a floppy disk
>>that is needed during the ASR recovery. In my previous post I wrote
>>that an ASR recovery might allow you to view the encrypted files. What
>>I meant to say was it might not. And the only way you can even try that
>>is if you had made an ASR backup. Since you don't know what ASR means
>>this suggests to me you didn't use the ASR wizard in ntbackup.
>>
>>Sounds like the only thing that is going to be able to recover your
>>files is if you can repair the MBR to make the disk bootable.
>
>
> How do I do this?
>
>
>>You must
>>boot into XP from that disk and login to the account where the
>>encryption was applied
>
>
> How do I do that?
>
>
>>to either decrypt the files or create a recovery
>>agent and export the certificate and key. The other option would be to
>>clone the disk onto another drive with a working mbr, and see if that
>>will boot.
>
>
> What is cloning? How do I do that?
>
>
>>You might want to talk with one of the drive data recovery specialty
>>groups such as www.ontrack.com or www.drivesavers.com.
>
>
> Thanks !
>
>
>>--
>>Rock
>>MS MVP Windows - Shell/User
>>
>>

Cloning is the process of making an exact copy of the data on the drive.
I don't know whether or how one can do it if the mbr is damaged, but
some specialty software might work. How you do the possible solutions I
suggested? Like I said, contact a group that specializes in drive and
data recovery like ontrack or drive savers.

--
Rock
MS MVP Windows - Shell/User
Anonymous
July 15, 2005 10:49:41 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"koby" <koby@discussions.microsoft.com> wrote in message
news:BAAD2AAC-6DE8-45F9-BCEE-CA17ED554D24@microsoft.com...
> Hi
>
> I backed up my entire c disk (without my sygwin files ...), including some
> encrypted files. It is restore time. I managed to restore the
> non-encrypted
> docs on another machine. But I cant open the encrypted files.
>
> (1) Can I restore my them on another machine?
> (2) Can I restore them on the origimal machine if I reformat the disk and
> re=install windows?
> (3) Are there any key-files which I can use to see the files?
>
> Thanks

If you backed up the system state then you should be able to recover the
keys. It may be a good idea to try this on a different hard drive. Install a
different hard drive as the only drive. Install Windows XP. Restore your
backup making sure to overwrite all the files. Try to decrypt the files.
Depending on what you backed up this may or may not work. Good luck.

Kerry
Anonymous
July 15, 2005 1:42:01 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I ran the backup utility and choose the entire drive c (except the directory
of cygwin). So?


"Kerry Brown" wrote:

> "koby" <koby@discussions.microsoft.com> wrote in message
> news:BAAD2AAC-6DE8-45F9-BCEE-CA17ED554D24@microsoft.com...
> > Hi
> >
> > I backed up my entire c disk (without my sygwin files ...), including some
> > encrypted files. It is restore time. I managed to restore the
> > non-encrypted
> > docs on another machine. But I cant open the encrypted files.
> >
> > (1) Can I restore my them on another machine?
> > (2) Can I restore them on the origimal machine if I reformat the disk and
> > re=install windows?
> > (3) Are there any key-files which I can use to see the files?
> >
> > Thanks
>
> If you backed up the system state then you should be able to recover the
> keys. It may be a good idea to try this on a different hard drive. Install a
> different hard drive as the only drive. Install Windows XP. Restore your
> backup making sure to overwrite all the files. Try to decrypt the files.
> Depending on what you backed up this may or may not work. Good luck.
>
> Kerry
>
>
>
Anonymous
July 15, 2005 6:47:20 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"koby" <koby@discussions.microsoft.com> wrote in message
news:4C20A1D9-89DE-4EA3-9715-3445C667F319@microsoft.com...
>I ran the backup utility and choose the entire drive c (except the
>directory
> of cygwin). So?
>

Did you also backup the System State?

Kerry

>
> "Kerry Brown" wrote:
>
>> "koby" <koby@discussions.microsoft.com> wrote in message
>> news:BAAD2AAC-6DE8-45F9-BCEE-CA17ED554D24@microsoft.com...
>> > Hi
>> >
>> > I backed up my entire c disk (without my sygwin files ...), including
>> > some
>> > encrypted files. It is restore time. I managed to restore the
>> > non-encrypted
>> > docs on another machine. But I cant open the encrypted files.
>> >
>> > (1) Can I restore my them on another machine?
>> > (2) Can I restore them on the origimal machine if I reformat the disk
>> > and
>> > re=install windows?
>> > (3) Are there any key-files which I can use to see the files?
>> >
>> > Thanks
>>
>> If you backed up the system state then you should be able to recover the
>> keys. It may be a good idea to try this on a different hard drive.
>> Install a
>> different hard drive as the only drive. Install Windows XP. Restore your
>> backup making sure to overwrite all the files. Try to decrypt the files.
>> Depending on what you backed up this may or may not work. Good luck.
>>
>> Kerry
>>
>>
>>
Anonymous
July 15, 2005 8:21:20 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

koby wrote:

> Hi
>
> I backed up my entire c disk (without my sygwin files ...), including some
> encrypted files. It is restore time. I managed to restore the non-encrypted
> docs on another machine. But I cant open the encrypted files.
>
> (1) Can I restore my them on another machine?
> (2) Can I restore them on the origimal machine if I reformat the disk and
> re=install windows?
> (3) Are there any key-files which I can use to see the files?
>
> Thanks
Hi,

If you are not able to get your old environment up and running by
restoring from your backup, take a look here:

http://www.beginningtoseethelight.org/efsrecovery/


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
Anonymous
July 25, 2005 10:17:05 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hi

After long work I can manage to get access to the hard disk using an OS on a
cd. I can't fix the MBR. Is there is a way to copy the required files
(private key/registrry/else) into another machine and then use it to decrypt
the files?

Thanks, Koby

"Rock" wrote:

> koby wrote:
>
> >>The SID is in the registry, but you can't migrate it to a new install
> >>and and then decrypt files encrypted under the original account.
> >>
> >
> >
> > So, it will not be a good idea to reformat the hard dist, install win xp and
> > then do a restore. I must use my current installation.
> >
> > Koby
> >
>
> If you do that you will loose access to the encrypted files. So if you
> don't want to, then that would not be a good idea.
>
> --
> Rock
> MS MVP Windows - Shell/User
>
>
Anonymous
July 25, 2005 7:25:40 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

koby wrote:

> Hi
>
> After long work I can manage to get access to the hard disk using
> an OS on a cd. I can't fix the MBR. Is there is a way to copy the
> required files (private key/registrry/else) into another machine
> and then use it to decrypt the files?
>
Hi,

If you can obtain some files from the user profile folders for the
user that encrypted the files and if you remember the password for the
user when the backup was taken, you might be able to save the files.

Take a look at this site for more details:

http://www.beginningtoseethelight.org/efsrecovery/


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
July 26, 2005 9:49:50 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

koby wrote:

> Hi
>
> After long work I can manage to get access to the hard disk using an OS on a
> cd. I can't fix the MBR. Is there is a way to copy the required files
> (private key/registrry/else) into another machine and then use it to decrypt
> the files?
>
> Thanks, Koby
>

Torgeir posted the only link I know of that might help.


--
Rock
MS MVP Windows - Shell/User
!