EFS problem. Unable to open files/remove encryption.

I encrypted a lot of docs using XP EFS. I had a whole bunch of certificates belonging to a lot of people in my organisation on my profile. Since my profile got messed up, i had to get it re-created and added back all the certificates with the keys. Now, I am unable to open any documents nor am I able to decrypt anything. Any ideas on how to get around this mess?
LVL 3
preekishAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

riotzCommented:
hmm well the only way to recover your stuff is to use some efs data recovery tools now which arent free..
when you need recommendations for some good ones leave a msg here
0
preekishAuthor Commented:
I think i have the key, buyt its just not decrypting.
0
preekishAuthor Commented:
isnt anyone around guys? or is the 250 not good enough? :)
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
preekishAuthor Commented:
Im increasing the points hoping that someone would come up with an answer which works.

To add a lil bit more info,

I checked on the encryption details as in using the Details button, it has my certificate. Even when i Remove the same on a few files and put it back, the same cert with the same thumbprint comes up....


0
preekishAuthor Commented:
I would like to close this question as I am unable to recieve any working solutions. Could an admin do the needful please?
0
LucFEMEA Server EngineerCommented:
Hi preekish,

Have you imported the original EFS certificate yet?
1) Browse to the path and file name of the .pfx file to which you exported the EFS recovery agent's private key, and then right-click the file.
2) Click Install PFX to start the Certificate Import wizard.
3) Click Next and confirm the file location and name.
4) Click Next. Type the password for the private key, and then click Next.
5) Click Place all certificates in the following store, and then click Browse.
6) Click Personal, and then click OK.
7) Click Finish, click Yes to add the certificate, and then click OK.

(ref. http://www.jsiinc.com/SUBI/tip4400/rh4475.htm)

Greetings,

LucF
0
preekishAuthor Commented:
I cant locate the original EFS certificate, however, there seems to be a similar one in my contents folder, (I assume its just that, a "similar one" with my login name"; that doesnt obviously help... this all happened after i changed my password on the domain and someone messed around with my PC...

I have tried everything i know.. and my bad luck that there is no recovery agent set as well. :(
0
LucFEMEA Server EngineerCommented:
In your original question you said:
>>i had to get it re-created and added back all the certificates with the keys<<
Does this mean you had backups of the keys? If not, you're most likely lost.
If you do, try the above.

Just using the same username and password does NOT make the same certificate.

Otherwise, take a look at the following piece of software:
-=-=-=-=-=-=-=-=-=-
Advanced EFS Data Recovery 1.30

Is a program to recover/decrypt files encrypted on NTFS (EFS) partitions created in Windows 2000 and Windows XP.
Files are being decrypted even in a case when the system is not bootable and so you cannot log on,
and/or some encryption keys have been tampered. AEFSDR effectively decrypts the files protected under
Windows XP (including Service Pack 1) and all versions of Windows 2000 (including Service Packs 1/2/3/4).
http://www.elcomsoft.com/aefsdr.html
-=-=-=-=-=-=-=-=-=-
It'll try to locate the right certificates to unencrypt the files.

LucF
0
preekishAuthor Commented:
I ran this thing few days back and all the encrypted files showed as non-decryptable,

Same goes for keys found.... only a few keys (which does not have anything to do with mine" were showing up as green and everything else was "non-usable"
0
LucFEMEA Server EngineerCommented:
If that's the case, sorry, but you're out of luck, unless you have about 1000 years of free time to brute-force the key (calculated with an average nowadays PC) the documents are gone now.

LucF
0
preekishAuthor Commented:
Admins,

I would like to close this question as I am unable to get a working solution.
0
LucFEMEA Server EngineerCommented:
preekish,

Every possible solution has been tried, now it's clearly a case of "No you can't do that" as you just don't have the certificates anymore. I believe that answer has been given.
http://www.experts-exchange.com/help.jsp#hi54

LucF
0
preekishAuthor Commented:
LucF.....Im sorry mate, I would be more than glad to give out the points, but I got answers which I already knew, and I had to wait ages together to get any response.


Please note that on 11/30/2004 at 11:39 PM, I had requested a closing of this question.

About the "No you cant do that" part, there are quite a lot of things that is still left to be tried, like getting the microsoft's reccerts.exe, which i know of, but i cant afford to buy it.

Secondly, I can also try something as crazy as
http://www.beginningtoseethelight.org/efsrecovery/index.php

But again I dont know how to do it..

I was looking for an answer which would resolve the issue otherwise, I knew it was unlikely that I would get a working response, but still I gave a try.




0
LucFEMEA Server EngineerCommented:
I've read that document before.

RECCERTS.EXE will only help you if you remember your old password and you have all your old profiles available, you don't have the original profile available as you had to recreate it.
All others require either full access to the original key, or data recovery of the original key.

But, if you want to get your points refunded, that's your choice, but at this moment I think I can honesty say everything that might work has been suggested.

LucF

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.