EFS problem. Unable to open files/remove encryption.
I encrypted a lot of docs using XP EFS. I had a whole bunch of certificates belonging to a lot of people in my organisation on my profile. Since my profile got messed up, i had to get it re-created and added back all the certificates with the keys. Now, I am unable to open any documents nor am I able to decrypt anything. Any ideas on how to get around this mess?
ASKER
I think i have the key, buyt its just not decrypting.
ASKER
isnt anyone around guys? or is the 250 not good enough? :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Im increasing the points hoping that someone would come up with an answer which works.
To add a lil bit more info,
I checked on the encryption details as in using the Details button, it has my certificate. Even when i Remove the same on a few files and put it back, the same cert with the same thumbprint comes up....
To add a lil bit more info,
I checked on the encryption details as in using the Details button, it has my certificate. Even when i Remove the same on a few files and put it back, the same cert with the same thumbprint comes up....
ASKER
I would like to close this question as I am unable to recieve any working solutions. Could an admin do the needful please?
Hi preekish,
Have you imported the original EFS certificate yet?
1) Browse to the path and file name of the .pfx file to which you exported the EFS recovery agent's private key, and then right-click the file.
2) Click Install PFX to start the Certificate Import wizard.
3) Click Next and confirm the file location and name.
4) Click Next. Type the password for the private key, and then click Next.
5) Click Place all certificates in the following store, and then click Browse.
6) Click Personal, and then click OK.
7) Click Finish, click Yes to add the certificate, and then click OK.
(ref. http://www.jsiinc.com/SUBI/tip4400/rh4475.htm)
Greetings,
LucF
Have you imported the original EFS certificate yet?
1) Browse to the path and file name of the .pfx file to which you exported the EFS recovery agent's private key, and then right-click the file.
2) Click Install PFX to start the Certificate Import wizard.
3) Click Next and confirm the file location and name.
4) Click Next. Type the password for the private key, and then click Next.
5) Click Place all certificates in the following store, and then click Browse.
6) Click Personal, and then click OK.
7) Click Finish, click Yes to add the certificate, and then click OK.
(ref. http://www.jsiinc.com/SUBI/tip4400/rh4475.htm)
Greetings,
LucF
ASKER
I cant locate the original EFS certificate, however, there seems to be a similar one in my contents folder, (I assume its just that, a "similar one" with my login name"; that doesnt obviously help... this all happened after i changed my password on the domain and someone messed around with my PC...
I have tried everything i know.. and my bad luck that there is no recovery agent set as well. :(
I have tried everything i know.. and my bad luck that there is no recovery agent set as well. :(
In your original question you said:
>>i had to get it re-created and added back all the certificates with the keys<<
Does this mean you had backups of the keys? If not, you're most likely lost.
If you do, try the above.
Just using the same username and password does NOT make the same certificate.
Otherwise, take a look at the following piece of software:
-=-=-=-=-=-=-=-=-=-
Advanced EFS Data Recovery 1.30
Is a program to recover/decrypt files encrypted on NTFS (EFS) partitions created in Windows 2000 and Windows XP.
Files are being decrypted even in a case when the system is not bootable and so you cannot log on,
and/or some encryption keys have been tampered. AEFSDR effectively decrypts the files protected under
Windows XP (including Service Pack 1) and all versions of Windows 2000 (including Service Packs 1/2/3/4).
http://www.elcomsoft.com/aefsdr.html
-=-=-=-=-=-=-=-=-=-
It'll try to locate the right certificates to unencrypt the files.
LucF
>>i had to get it re-created and added back all the certificates with the keys<<
Does this mean you had backups of the keys? If not, you're most likely lost.
If you do, try the above.
Just using the same username and password does NOT make the same certificate.
Otherwise, take a look at the following piece of software:
-=-=-=-=-=-=-=-=-=-
Advanced EFS Data Recovery 1.30
Is a program to recover/decrypt files encrypted on NTFS (EFS) partitions created in Windows 2000 and Windows XP.
Files are being decrypted even in a case when the system is not bootable and so you cannot log on,
and/or some encryption keys have been tampered. AEFSDR effectively decrypts the files protected under
Windows XP (including Service Pack 1) and all versions of Windows 2000 (including Service Packs 1/2/3/4).
http://www.elcomsoft.com/aefsdr.html
-=-=-=-=-=-=-=-=-=-
It'll try to locate the right certificates to unencrypt the files.
LucF
ASKER
I ran this thing few days back and all the encrypted files showed as non-decryptable,
Same goes for keys found.... only a few keys (which does not have anything to do with mine" were showing up as green and everything else was "non-usable"
Same goes for keys found.... only a few keys (which does not have anything to do with mine" were showing up as green and everything else was "non-usable"
If that's the case, sorry, but you're out of luck, unless you have about 1000 years of free time to brute-force the key (calculated with an average nowadays PC) the documents are gone now.
LucF
LucF
ASKER
Admins,
I would like to close this question as I am unable to get a working solution.
I would like to close this question as I am unable to get a working solution.
preekish,
Every possible solution has been tried, now it's clearly a case of "No you can't do that" as you just don't have the certificates anymore. I believe that answer has been given.
https://www.experts-exchange.com/help.jsp#hi54
LucF
Every possible solution has been tried, now it's clearly a case of "No you can't do that" as you just don't have the certificates anymore. I believe that answer has been given.
https://www.experts-exchange.com/help.jsp#hi54
LucF
ASKER
LucF.....Im sorry mate, I would be more than glad to give out the points, but I got answers which I already knew, and I had to wait ages together to get any response.
Please note that on 11/30/2004 at 11:39 PM, I had requested a closing of this question.
About the "No you cant do that" part, there are quite a lot of things that is still left to be tried, like getting the microsoft's reccerts.exe, which i know of, but i cant afford to buy it.
Secondly, I can also try something as crazy as
http://www.beginningtoseethelight.org/efsrecovery/index.php
But again I dont know how to do it..
I was looking for an answer which would resolve the issue otherwise, I knew it was unlikely that I would get a working response, but still I gave a try.
Please note that on 11/30/2004 at 11:39 PM, I had requested a closing of this question.
About the "No you cant do that" part, there are quite a lot of things that is still left to be tried, like getting the microsoft's reccerts.exe, which i know of, but i cant afford to buy it.
Secondly, I can also try something as crazy as
http://www.beginningtoseethelight.org/efsrecovery/index.php
But again I dont know how to do it..
I was looking for an answer which would resolve the issue otherwise, I knew it was unlikely that I would get a working response, but still I gave a try.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
when you need recommendations for some good ones leave a msg here