  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 330

EFS problem. Unable to open files/remove encryption.

I encrypted a lot of docs using XP EFS. I had a whole bunch of certificates belonging to a lot of people in my organisation on my profile. Since my profile got messed up, I had to get it re-created and added back all the certificates with the keys. Now, I am unable to open any documents nor am I able to decrypt anything. Any ideas on how to get around this mess?
0
preekish
Asked:
2 Solutions
 
riotz Commented:
Hmm, well, the only way to recover your stuff now is to use some EFS data recovery tools, which aren't free.
When you need recommendations for some good ones, leave a msg here.
0
 
preekish (Author) Commented:
I think I have the key, but it's just not decrypting.
0
 
preekish (Author) Commented:
Isn't anyone around, guys? Or is the 250 not good enough? :)
0
 
preekish (Author) Commented:
I'm increasing the points hoping that someone would come up with an answer which works.

To add a lil bit more info,

I checked on the encryption details, as in using the Details button; it has my certificate. Even when I remove the same on a few files and put it back, the same cert with the same thumbprint comes up....


0
 
preekish (Author) Commented:
I would like to close this question as I am unable to receive any working solutions. Could an admin do the needful please?
0
 
LucF Commented:
Hi preekish,

Have you imported the original EFS certificate yet?
1) Browse to the path and file name of the .pfx file to which you exported the EFS recovery agent's private key, and then right-click the file.
2) Click Install PFX to start the Certificate Import wizard.
3) Click Next and confirm the file location and name.
4) Click Next. Type the password for the private key, and then click Next.
5) Click Place all certificates in the following store, and then click Browse.
6) Click Personal, and then click OK.
7) Click Finish, click Yes to add the certificate, and then click OK.

(ref. http://www.jsiinc.com/SUBI/tip4400/rh4475.htm)

Greetings,

LucF
0
 
preekish (Author) Commented:
I can't locate the original EFS certificate; however, there seems to be a similar one in my contents folder (I assume it's just that, a "similar one" with my login name); that obviously doesn't help... This all happened after I changed my password on the domain and someone messed around with my PC...

I have tried everything I know.. and my bad luck that there is no recovery agent set as well. :(
0
 
LucF Commented:
In your original question you said:
>>i had to get it re-created and added back all the certificates with the keys<<
Does this mean you had backups of the keys? If not, you're most likely lost.
If you do, try the above.

Just using the same username and password does NOT make the same certificate.

Otherwise, take a look at the following piece of software:
-=-=-=-=-=-=-=-=-=-
Advanced EFS Data Recovery 1.30

Is a program to recover/decrypt files encrypted on NTFS (EFS) partitions created in Windows 2000 and Windows XP.
Files are being decrypted even in a case when the system is not bootable and so you cannot log on,
and/or some encryption keys have been tampered. AEFSDR effectively decrypts the files protected under
Windows XP (including Service Pack 1) and all versions of Windows 2000 (including Service Packs 1/2/3/4).
http://www.elcomsoft.com/aefsdr.html
-=-=-=-=-=-=-=-=-=-
It'll try to locate the right certificates to unencrypt the files.

LucF
0
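The point made above, that a certificate is only useful for decryption when its matching private key is present, can be checked directly. This is an added example, not part of the original thread: a PowerShell function (assuming Windows PowerShell is installed) that takes the thumbprint shown by the file's Details button and looks it up in the current user's Personal store. The function name `Test-EfsCertificateUsable` and the sample thumbprint are hypothetical.

```powershell
# Added example (not from the thread): look up the thumbprint shown in an
# encrypted file's Details dialog and report whether the current profile
# holds a private key for it.
function Test-EfsCertificateUsable {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Thumbprint   # as displayed in the Details dialog, spaces allowed
    )

    $efsOid      = '1.3.6.1.4.1.311.10.3.4'     # EKU: Encrypting File System
    $recoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # EKU: File Recovery (recovery agent)

    # The dialog prints the hash in spaced groups; the store uses plain hex.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    $cert = Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $wanted } |
        Select-Object -First 1

    if (-not $cert) {
        Write-Warning "No certificate with thumbprint $wanted in the Personal store."
        return
    }

    # Collect the enhanced key usage OIDs carried by the certificate.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # HasPrivateKey says the store links a private key to this certificate.
    # It is a necessary condition for decryption, not proof the key is readable.
    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        EfsUsage      = ($ekus -contains $efsOid)
        RecoveryAgent = ($ekus -contains $recoveryOid)
    }
}

# Constructed placeholder thumbprint; replace with the value from the Details dialog.
Test-EfsCertificateUsable -Thumbprint '00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33'
```

A result with a matching thumbprint but `HasPrivateKey` set to `False` means only the public certificate was restored, which is the situation where importing the original .pfx backup is required.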
 
preekish (Author) Commented:
I ran this thing a few days back and all the encrypted files showed as non-decryptable.

Same goes for the keys found.... only a few keys (which do not have anything to do with mine) were showing up as green and everything else was "non-usable".
0
 
LucF Commented:
If that's the case, sorry, but you're out of luck. Unless you have about 1000 years of free time to brute-force the key (calculated with an average present-day PC), the documents are gone now.

LucF
0
 
preekish (Author) Commented:
Admins,

I would like to close this question as I am unable to get a working solution.
0
 
LucF Commented:
preekish,

Every possible solution has been tried, now it's clearly a case of "No you can't do that" as you just don't have the certificates anymore. I believe that answer has been given.
http://www.experts-exchange.com/help.jsp#hi54

LucF
0
 
preekish (Author) Commented:
LucF..... I'm sorry mate, I would be more than glad to give out the points, but I got answers which I already knew, and I had to wait ages together to get any response.


Please note that on 11/30/2004 at 11:39 PM, I had requested a closing of this question.

About the "No you can't do that" part, there are quite a lot of things that are still left to be tried, like getting Microsoft's reccerts.exe, which I know of, but I can't afford to buy it.

Secondly, I can also try something as crazy as
http://www.beginningtoseethelight.org/efsrecovery/index.php

But again I don't know how to do it..

I was looking for an answer which would resolve the issue otherwise, I knew it was unlikely that I would get a working response, but still I gave it a try.




0
 
LucF Commented:
I've read that document before.

RECCERTS.EXE will only help you if you remember your old password and you have all your old profiles available; you don't have the original profile available as you had to recreate it.
All others require either full access to the original key, or data recovery of the original key.

But, if you want to get your points refunded, that's your choice, but at this moment I think I can honestly say everything that might work has been suggested.

LucF

0
