EFS Decryption Woes


I am trying to decrypt data encrypted by EFS on Win 7 and XP boxes. We have a large domain Server 2003 PKI infrastructure. I have generated file recovery and EFS certificates using a DRA\KRA account.

I then log onto a machine with the DRA\KRA account and mount the encrypted drive as a slave. I then import the certificates into the local computer on the DRA\KRA account.

Unfortunately I am not able to decrypt the drive. There is another user who had master certs installed on his machine a year ago. He is able to decrypt any encrypted drive. This is evidence that our infrastructure is correctly configured. I am fairly new to this and so I have more than likely generated or applied the certificates incorrectly.

Just to provide some feedback on some exact steps taken so far:

1. On the first DC in the domain I logged in with the DRA/KRA account.

2. Opened up the Certificates snap-in in MMC

3. Used Certificates - Current User console

4. Right clicked on Personal -> Certificates -> Request new certificate

5. In the wizard chose current EFS Recovery Agent template that has been used successfully in the past.

6. The certificate then appears in Personal -> Certificates window

7. R/click on the certificate -> Export

8. In the export wizard I choose the "Yes, export the private key" option.

9. In the next screen - "enable strong protection" is ticked and "Include all certificates in the certification path if possible" is ticked.

10. I then specify password, perform the export and copy cert to my laptop

11. Logged in under my own account I then double-click on the cert and allow it to install to default place.

I am still not able to decrypt any data :(

Thanks a mill.

  1. Here is the screen print when I ran efsinfo on the encrypted file:

    Test.txt: Encrypted
    Users who can decrypt:
    EDCON\TCXSC4 (Sunil Chiba()
    Recovery Agents:
    Unknown (BCXPKI())
  2. Please edit out the e-mail addresses in your second posting.

    Looks like BCXPKI does not have the proper permissions to open the files.
  3. Gave BCXPKI account full security permissions on the file - still no difference.
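
One check for the situation in this thread, as an added example that is not part of the original posts: compare the certificate thumbprints recorded on the encrypted file with the certificates in the importing account's Personal store, and confirm the matching one holds a private key. The function names, the sample thumbprints and the assumed layout of `cipher /c` output ("Certificate thumbprint:" lines under the user and recovery headings) are assumptions made for this example.

```powershell
# Added example: which certificates named on an EFS file are present,
# with a private key, in a given certificate store?

function Get-EfsThumbprints {
    param([string[]]$CipherOutput)
    # Assumption: thumbprints appear as "Certificate thumbprint: AAAA BBBB ..."
    # under "Users who can decrypt:" and "Recovery Certificates:" headings.
    $section = $null
    foreach ($line in $CipherOutput) {
        if ($line -match 'Users who can decrypt') { $section = 'User' }
        elseif ($line -match 'Recovery (Certificates|Agents)') { $section = 'Recovery' }
        elseif ($section -and $line -match 'thumbprint:\s*([0-9A-Fa-f ]+)') {
            New-Object PSObject -Property @{
                Role       = $section
                Thumbprint = ($Matches[1] -replace '\s', '').ToUpper()
            }
        }
    }
}

function Test-EfsRecoveryKey {
    param([string[]]$CipherOutput, [object[]]$Certificates)
    foreach ($entry in Get-EfsThumbprints $CipherOutput) {
        # A certificate only helps if its thumbprint is the one on the file
        # AND its private key was imported along with it.
        $cert = $Certificates | Where-Object { $_.Thumbprint -eq $entry.Thumbprint }
        New-Object PSObject -Property @{
            Role          = $entry.Role
            Thumbprint    = $entry.Thumbprint
            InStore       = [bool]$cert
            HasPrivateKey = [bool]($cert | Where-Object { $_.HasPrivateKey })
        }
    }
}

# Constructed sample input (not taken from the thread).
$sampleOutput = @(
    'E Test.txt',
    '  Users who can decrypt:',
    '    EXAMPLE\user1 [user1(user1@example.test)]',
    '    Certificate thumbprint: AAAA 0000 AAAA 0000 AAAA 0000 AAAA 0000 AAAA 0000',
    '  Recovery Certificates:',
    '    recovery1 [recovery1(recovery1@example.test)]',
    '    Certificate thumbprint: BBBB 1111 BBBB 1111 BBBB 1111 BBBB 1111 BBBB 1111'
)
# Constructed store: a recovery certificate with a different thumbprint.
$sampleStore = @(New-Object PSObject -Property @{
    Thumbprint = 'CCCC2222CCCC2222CCCC2222CCCC2222CCCC2222'; HasPrivateKey = $true })

Test-EfsRecoveryKey $sampleOutput $sampleStore | Format-Table Role, Thumbprint, InStore, HasPrivateKey
```

On a live system, pass `(cipher /c <path to file>)` and `(Get-ChildItem Cert:\CurrentUser\My)` in place of the constructed sample values.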