Solved

Windows XP Pro SP2 CIPHER error

Posted on 2007-03-26
12
246 Views
Last Modified: 2013-12-04
Windows XP Pro SP2 CIPHER error. I cannot decrypt my documents on my external hard drive after using the command "%windir%\system32\cipher.exe" /e /s:%path% /a /i /f, where path is my documents folder. I encrypted the folder and later had to do a reformat of my internal hard drive and now I cannot access any of my files. How can I fix this?
0
Comment
Question by:rae_rae
  • 9
  • 3
12 Comments
 
LVL 3

Author Comment

by:rae_rae
ID: 18794837
BTW, I have already tried properties > security tab > advanced > owner tab > change owner to > replace owner on subcontainer and objects.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18794863
Of course, I have also already tried: cipher /d /s:"I:\My Documents" /a
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18794894
I just tried cacls "I:\My Documents" /T /G %user%:F where user is the name of the account I used to encrypt the files and also is the name of my current account. This also did not work.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18795040
I have also tried reading the data onto temporary storage using Knoppix to no avail.
Help please...somebody!
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18804302
So...nobody can do this? :-s...wow...ok
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18810661
How lame ...lol
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 18

Expert Comment

by:PowerIT
ID: 18823805
Is that an encrypted folder on the external harddisk? Using EFS?
And encrypted on another PC then the one you are now using maybe?
If all yes, then this is only supported when both machines are member of the same Actice Directory. This means having a server as domain controller.
If this is not within AD, then the only way is to attach the external HD back to the PC where it was originally encrypted an decrypt the folder.

J.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18824598
Is that an encrypted folder on the external harddisk? Using EFS?
I'm not sure. used the command: "%windir%\system32\cipher.exe" /e /s:%path% /a /i /f, where path is the folder on the external hard drive.

And encrypted on another PC then the one you are now using maybe?
No, I encrypted the folder using the same PC as the one that I am attempting to recover it from. I did a reformat after having encrypted the folder though.

Thanks for the response. I'm glad to see somebody has at least tried...
0
 
LVL 18

Accepted Solution

by:
PowerIT earned 500 total points
ID: 18828347
Rae, then I'm sorry to be the one with the bad news.
When you reinstall XP Pro in a workgroup environment (or standalone), new keys are generated.
There are two ways to recover: using the backup of your key (Import it using certmgr.msc) or the recovery agent.
Both have to be arranged before any disaster or before reinstalling XP.
If you do not have done that, then I have very very bad news for you: you are fried!
Think about it, what good would EFS be if you can open encrypted files/folders without the key.
Contrary to some common believe, EFS is safe.
On XP you need the key AND the original password. If one of those are missing you will not be able to decrypt the files in a timely manner. It's as simple as that. Otherwise EFS would be worthless and been proven to also.
None of the so called 'recovery tools' will be able to help you, whatever their marketing department is shouting (or failing to explain).
There is a tool called AEFSDR.
AEFSDR needs the keys to do it's magic. If those are missing, then you will not be succesfull in recovering.
Also, on XP and 2k3 server, AEFSDR needs the password of the user encrypting the files.
Basically it needs al info like windows would with a running system. Microsoft did improve EFS when releasing XP.
And just creating a new key and certificate will certainly not help. That's like losing your key to your home, going to a locksmith and buying just any random new key and hoping it will open your lock.
Cipher can be used with a recovery agent. You would need access to the recovery agent key. If you are not in an AD environment (e.g. stand alone PC) then by default you do not have a recovery agent.
In plain english: no-one can help you. Sorry.

J.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18829249
Thanks for letting me come to some filnality on this. It's sad though that a user who forgot thier key can't get into the system even with thier user name and password; I setup the new system with all the old credentials...
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18829279
The key can be backed up: start certmgr.msc, doubleclick personal / certificates. Right click the certificate of the user which says EFS as intended purpose. Choose all tasks/export. Export WITH the private key to an external media.
Store the external media at a safe external location (like a banksafe). Rember the password used to when exporting the certificate.
This will help you next time.

J.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18829298
Thanks again.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now