swmcdonnell

Drive crashed, have backup of EFS encrypted files, new machine Windows pre-loaded, can't open encrypted files

Machine hard drive crashed. Have a backup using Retrospect, but files in My Documents and below are EFS encrypted. Have a new machine, Windows XP Pro is pre-loaded. Restored files from backup but can't read encrypted files. Imported the license from the old system:  Documents and Settings/Application Data/Microsoft/Certificate System/My/Certificates (or something similar). Didn't do any good.

There's no EFS group policy defined on the new machine. Tried to add one, but I don't have the certificates available. Imported again but now I'm way over my head and not sure what to do. Machine is in a workgroup, not a domain. I created the exact same user name, machine name and workgroup name as the old machine. I don't want to do an image restore on this new machine, but I can start all over from scratch because it's brand new.

Appreciate any help you can give me!
dis1931

I believe EFS will only function based on the UID that the user had previously. Since you have recreated the PC, same username, and same workgroup, all you have is a PC that happens to have these characteristics but does not have the same UID as the past user.  EFS is meant to protect everyone other than the user who encrypted them from using them.  This wouldn't be very secure if I could walk into the office with my own computer, using the same workgroup and username and read all these files.  There is really no way to recover these that I know of in a workgroup environment.  In a domain environment you can have a more structured recovery environment for EFS files.  Sorry to say I believe you may be out of luck.
rindi

Log on to the PC as administrator, then right click those folders, select security and then take ownership of those folders. Now you should have sufficient rights to change the rest of the permissions of those folders.
ASKER CERTIFIED SOLUTION
dis1931

This solution is only available to members.
I am not in a data loss situation, but have been trying to figure out how to create EFS encrypted files on one machine and read them on another (with full access to the certificates on the "creation" machine, and with both machines fully functional).  I've been playing with this for 6 weeks, and I have not figured out how to do it yet.  Exporting the keys and certificates on the creation machine and importing them on the "read" machine doesn't do it, although I believe that it is a necessary step (that is, if you don't have the ".PFX" file, then I think that all hope is lost, but even with it, I have not yet succeeded).  Taking ownership seems to have nothing to do with it.  I believe that the answer lies in something Microsoft calls a "recovery agent" and "recovery policy", but my attempts to create one have not been successful.

A contact at Microsoft recommended these two links for information (have not read them yet):

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx

and

http://support.microsoft.com/oas/default.aspx?ln=en-us&x=17&y=10&c1=509&gprid=3223&

Good luck and keep us posted.