Drive crashed, have backup of EFS encrypted files, new machine Windows pre-loaded, can't open encrypted files

Machine hard drive crashed. Have a backup using Retrospect, but files in My Documents and below are EFS encrypted. Have a new machine, Windows XP Pro is pre-loaded. Restored files from backup but can't read encrypted files. Imported the license from the old system:  Documents and Settings/Application Data/Microsoft/Certificate System/My/Certificates (or something similar). Didn't do any good.

There's no EFS group policy defined on the new machine. Tried to add one, but I don't have the certificates available. Imported again but now I'm way over my head and not sure what to do. Machine is in a workgroup, not a domain. I created the exact same user name, machine name and workgroup name as the old machine. I don't want to do an image restore on this new machine, but I can start all over from scratch because it's brand new.

Appreciate any help you can give me!
huh, this is not a security issue.  This is an issue of dealing with encrypted files.

If something should happen to affect the opening of encrypted files, such as changing you user account or some system instability, this is where your backed up keys are going to come into play. My philosophy is: don't wait for a catastrophe to learn how to recover your system.

So with that said let's take a look at how to restore your certificate, which will allow you to open these files once again.

1. You need to encrypt at least one file on your PC—this will prompt Windows to create a certificate for your user account.

2. Log on as the local administrator (usually the main account on the PC, and it should be password protected)

3. Start a Microsoft Management Console by going to Start/Run and in the field type "mmc" (without the quotes) and select OK.

4. Go to File, Add/Remove snap-in and click the Add button. Next, highlight the "Certificates" snap-in and click Add. Choose the "My User Account" radio button and click Finish. Finally, click Close and then click OK.

5. In the left pane, expand "Certificates-Current User" by clicking the + sign. Proceed to "Personal" then "Certificates".

6. In the right pane, right-click and select "All Tasks" then "Import" to start the Certificate Import Wizard.

7. Click Next. Enter the name of the certificate file

8. Enter the Password for the certificate, and check mark the "Private key as Exportable". Click Next twice, and then click Finish.

You should now be able to open the files that you couldn't before.

I used these directions one time, a long while ago... I believe it worked for me. I didn't realize that you said you had backups of your certificates...
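As an added diagnostic (not code from this thread), the following PowerShell script checks whether a restored file is really EFS-encrypted, compares the certificate thumbprints the file was encrypted to (reported by cipher /c) with the EFS certificates in the current user's Personal store, and, if none of them has a private key, imports the PFX exported from the old machine as the scripted equivalent of the MMC wizard in steps 3-8 above. It assumes a current Windows version (cipher /c and Import-PfxCertificate are not available on XP), and both file paths are placeholders to change.

```powershell
# Added example, not from the thread. Both paths below are placeholders.
$RestoredFile = 'C:\Restored\My Documents\notes.txt'   # a file restored from backup
$PfxPath      = 'C:\Backup\efs-old-machine.pfx'        # certificate + private key exported on the old PC

function Get-EfsDecryptorThumbprints {
    param([string]$Path)
    # cipher /c lists, under "Users who can decrypt", one "Certificate thumbprint:" line
    # per key the file's encryption header was written to, as space-separated hex groups.
    $out = & cipher.exe /c $Path 2>&1 | Out-String
    [regex]::Matches($out, 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') |
        ForEach-Object { ($_.Groups[1].Value -replace '\s', '').ToUpper() }
}

function Get-LocalEfsCertificates {
    # EFS certificates carry the "Encrypting File System" EKU, OID 1.3.6.1.4.1.311.10.3.4.
    Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.4.1.311.10.3.4' }
}

$attrs = (Get-Item -LiteralPath $RestoredFile).Attributes
if (-not ($attrs -band [IO.FileAttributes]::Encrypted)) {
    Write-Host "$RestoredFile is not EFS-encrypted; look at ownership and NTFS permissions instead."
    return
}

$needed = @(Get-EfsDecryptorThumbprints -Path $RestoredFile)
$local  = @(Get-LocalEfsCertificates)
# Only a certificate whose private key is in this profile can decrypt; the public cert alone is useless.
$usable = $local | Where-Object { $_.HasPrivateKey -and ($needed -contains $_.Thumbprint) }

if ($usable) {
    Write-Host "Private key present for: $($usable.Thumbprint -join ', '). The file should open."
    return
}

Write-Host "File was encrypted to: $($needed -join ', ')"
Write-Host "EFS certs in CurrentUser\My: $(($local | ForEach-Object Thumbprint) -join ', ')"

# Same effect as the Certificate Import Wizard with "Mark this key as exportable" checked.
$pwd = Read-Host -AsSecureString 'Password of the exported PFX'
$imported = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\CurrentUser\My `
                                  -Password $pwd -Exportable

if ($needed -contains $imported.Thumbprint) {
    Write-Host "Imported key $($imported.Thumbprint) matches the file. Try opening it again."
} else {
    Write-Host "Imported certificate $($imported.Thumbprint) is not one the file was encrypted to."
    Write-Host "You need the key from the old profile; a same-named account on a new PC does not have it."
}
```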
I believe EFS will only function based on the UID that the user had previously, since you have recreated the PC, same username, and same workgroup all you have is a PC that happens to have these characteristics but does not have the same UID as the past user.  EFS is meant to protect everyone other than user who encrypted them from using them.  This wouldn't be very secure if I could walk into the office with my own computer, using the same workgroup and username and read all these files.  There is really no way to recover these that I know of in a workgroup environment.  In a domain environment you can have a more structured recovery environment for EFS files.  Sorry to say I believe you may be out of luck .
Logon to the PC as administrator, then right click those folders, select security and then take ownership of those folders. Now you should have sufficient rights to change the rest of the permissions of those folders.
I am not in a data loss situation, but have been trying to figure out how to create EFS encrypted files on one machine and read them on another (with full access to the certificates on the "creation" machine, and with both machines fully functional). I've been playing with this for 6 weeks, and I have not figured out how to do it yet. Exporting the keys and certificates on the creation machine and importing them on the "read" machine doesn't do it, although I believe that it is a necessary step (that is, if you don't have the ".PFX" file, then I think that all hope is lost, but even with it, I have not yet succeeded). Taking ownership seems to have nothing to do with it. I believe that the answer lies in something Microsoft calls a "recovery agent" and "recovery policy", but my attempts to create one have not been successful.

A contact at Microsoft recommended these two links for information (have not read them yet):


Good luck and keep us posted.