Solved

Windows XP Pro SP2 CIPHER error

Posted on 2007-03-26
12
248 Views
Last Modified: 2013-12-04
Windows XP Pro SP2 CIPHER error. I cannot decrypt my documents on my external hard drive after using the command "%windir%\system32\cipher.exe" /e /s:%path% /a /i /f, where path is my documents folder. I encrypted the folder and later had to do a reformat of my internal hard drive and now I cannot access any of my files. How can I fix this?
0
Comment
Question by:rae_rae
  • 9
  • 3
12 Comments
 
LVL 3

Author Comment

by:rae_rae
ID: 18794837
BTW, I have already tried properties > security tab > advanced > owner tab > change owner to > replace owner on subcontainer and objects.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18794863
Of course, I have also already tried: cipher /d /s:"I:\My Documents" /a
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18794894
I just tried cacls "I:\My Documents" /T /G %user%:F where user is the name of the account I used to encrypt the files and also is the name of my current account. This also did not work.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18795040
I have also tried reading the data onto temporary storage using Knoppix to no avail.
Help please...somebody!
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18804302
So...nobody can do this? :-s...wow...ok
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18810661
How lame ...lol
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 18

Expert Comment

by:PowerIT
ID: 18823805
Is that an encrypted folder on the external harddisk? Using EFS?
And encrypted on another PC then the one you are now using maybe?
If all yes, then this is only supported when both machines are member of the same Actice Directory. This means having a server as domain controller.
If this is not within AD, then the only way is to attach the external HD back to the PC where it was originally encrypted an decrypt the folder.

J.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18824598
Is that an encrypted folder on the external harddisk? Using EFS?
I'm not sure. used the command: "%windir%\system32\cipher.exe" /e /s:%path% /a /i /f, where path is the folder on the external hard drive.

And encrypted on another PC then the one you are now using maybe?
No, I encrypted the folder using the same PC as the one that I am attempting to recover it from. I did a reformat after having encrypted the folder though.

Thanks for the response. I'm glad to see somebody has at least tried...
0
 
LVL 18

Accepted Solution

by:
PowerIT earned 500 total points
ID: 18828347
Rae, then I'm sorry to be the one with the bad news.
When you reinstall XP Pro in a workgroup environment (or standalone), new keys are generated.
There are two ways to recover: using the backup of your key (Import it using certmgr.msc) or the recovery agent.
Both have to be arranged before any disaster or before reinstalling XP.
If you do not have done that, then I have very very bad news for you: you are fried!
Think about it, what good would EFS be if you can open encrypted files/folders without the key.
Contrary to some common believe, EFS is safe.
On XP you need the key AND the original password. If one of those are missing you will not be able to decrypt the files in a timely manner. It's as simple as that. Otherwise EFS would be worthless and been proven to also.
None of the so called 'recovery tools' will be able to help you, whatever their marketing department is shouting (or failing to explain).
There is a tool called AEFSDR.
AEFSDR needs the keys to do it's magic. If those are missing, then you will not be succesfull in recovering.
Also, on XP and 2k3 server, AEFSDR needs the password of the user encrypting the files.
Basically it needs al info like windows would with a running system. Microsoft did improve EFS when releasing XP.
And just creating a new key and certificate will certainly not help. That's like losing your key to your home, going to a locksmith and buying just any random new key and hoping it will open your lock.
Cipher can be used with a recovery agent. You would need access to the recovery agent key. If you are not in an AD environment (e.g. stand alone PC) then by default you do not have a recovery agent.
In plain english: no-one can help you. Sorry.

J.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18829249
Thanks for letting me come to some filnality on this. It's sad though that a user who forgot thier key can't get into the system even with thier user name and password; I setup the new system with all the old credentials...
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18829279
The key can be backed up: start certmgr.msc, doubleclick personal / certificates. Right click the certificate of the user which says EFS as intended purpose. Choose all tasks/export. Export WITH the private key to an external media.
Store the external media at a safe external location (like a banksafe). Rember the password used to when exporting the certificate.
This will help you next time.

J.
0
 
LVL 3

Author Comment

by:rae_rae
ID: 18829298
Thanks again.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now