
EFS Decryption Woes

August 24, 2012 3:36:20 PM


I am trying to decrypt data encrypted by EFS on Win 7 and XP boxes. We have a large domain Server 2003 PKI infrastructure. I have generated file recovery and EFS certificates using a DRA\KRA account.

I then log onto a machine with the DRA\KRA account and mount the encrypted drive as a slave. I then import the certificates into the local computer on the DRA\KRA account.

Unfortunately I am not able to decrypt the drive. There is another user who had master certs installed on his machine a year ago. He is able to decrypt any encrypted drive. This is evidence that our infrastructure is correctly configured. I am fairly new to this and so I have more than likely generated or applied the certificates incorrectly.

Just to provide some feedback on some exact steps taken so far:

1. On the first DC in the domain I logged in with the DRA/KRA account.

2. Opened up the certificate snap-in in MMC

3. Used Certificates - Current User console

4. Right-clicked on Personal -> Certificates -> Request new certificate

5. In the wizard chose current EFS Recovery Agent template that has been used successfully in the past.

6. The certificate then appears in Personal -> Certificates window

7. R/click on the certificate -> Export

8. In the export wizard I choose the "Yes, export the private key" option.

9. In the next screen - "enable strong protection" is ticked and "Include all certificates in the certification path if possible" is ticked.

10. I then specify password, perform the export and copy cert to my laptop

11. Logged in under my own account, I then double-click on the cert and allow it to install to the default place.

I am still not able to decrypt any data :( 

Thanks a mill.


August 24, 2012 3:53:53 PM

Here is the screen print when I ran efsinfo on the encrypted file:

Test.txt: Encrypted
Users who can decrypt:
EDCON\TCXSC4 (Sunil Chiba()
Recovery Agents:
Unknown (BCXPKI())
August 24, 2012 5:35:34 PM

Please edit out the e-mail addresses in your second posting.

Looks like BCXPKI does not have the proper permissions to open the files.
August 27, 2012 10:55:24 AM

Gave BCXPKI account full security permissions on the file - still no difference.