• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 255
  • Last Modified:

Windows XP Pro SP2 CIPHER error

Windows XP Pro SP2 CIPHER error. I cannot decrypt my documents on my external hard drive after using the command "%windir%\system32\cipher.exe" /e /s:%path% /a /i /f, where path is my documents folder. I encrypted the folder and later had to do a reformat of my internal hard drive and now I cannot access any of my files. How can I fix this?
0
rae_rae
Asked:
rae_rae
  • 9
  • 3
1 Solution
 
rae_raeAuthor Commented:
BTW, I have already tried properties > security tab > advanced > owner tab > change owner to > replace owner on subcontainer and objects.
0
 
rae_raeAuthor Commented:
Of course, I have also already tried: cipher /d /s:"I:\My Documents" /a
0
 
rae_raeAuthor Commented:
I just tried cacls "I:\My Documents" /T /G %user%:F where user is the name of the account I used to encrypt the files and also is the name of my current account. This also did not work.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
rae_raeAuthor Commented:
I have also tried reading the data onto temporary storage using Knoppix to no avail.
Help please...somebody!
0
 
rae_raeAuthor Commented:
So...nobody can do this? :-s...wow...ok
0
 
rae_raeAuthor Commented:
How lame ...lol
0
 
PowerITCommented:
Is that an encrypted folder on the external harddisk? Using EFS?
And encrypted on another PC then the one you are now using maybe?
If all yes, then this is only supported when both machines are member of the same Actice Directory. This means having a server as domain controller.
If this is not within AD, then the only way is to attach the external HD back to the PC where it was originally encrypted an decrypt the folder.

J.
0
 
rae_raeAuthor Commented:
Is that an encrypted folder on the external harddisk? Using EFS?
I'm not sure. used the command: "%windir%\system32\cipher.exe" /e /s:%path% /a /i /f, where path is the folder on the external hard drive.

And encrypted on another PC then the one you are now using maybe?
No, I encrypted the folder using the same PC as the one that I am attempting to recover it from. I did a reformat after having encrypted the folder though.

Thanks for the response. I'm glad to see somebody has at least tried...
0
 
PowerITCommented:
Rae, then I'm sorry to be the one with the bad news.
When you reinstall XP Pro in a workgroup environment (or standalone), new keys are generated.
There are two ways to recover: using the backup of your key (Import it using certmgr.msc) or the recovery agent.
Both have to be arranged before any disaster or before reinstalling XP.
If you do not have done that, then I have very very bad news for you: you are fried!
Think about it, what good would EFS be if you can open encrypted files/folders without the key.
Contrary to some common believe, EFS is safe.
On XP you need the key AND the original password. If one of those are missing you will not be able to decrypt the files in a timely manner. It's as simple as that. Otherwise EFS would be worthless and been proven to also.
None of the so called 'recovery tools' will be able to help you, whatever their marketing department is shouting (or failing to explain).
There is a tool called AEFSDR.
AEFSDR needs the keys to do it's magic. If those are missing, then you will not be succesfull in recovering.
Also, on XP and 2k3 server, AEFSDR needs the password of the user encrypting the files.
Basically it needs al info like windows would with a running system. Microsoft did improve EFS when releasing XP.
And just creating a new key and certificate will certainly not help. That's like losing your key to your home, going to a locksmith and buying just any random new key and hoping it will open your lock.
Cipher can be used with a recovery agent. You would need access to the recovery agent key. If you are not in an AD environment (e.g. stand alone PC) then by default you do not have a recovery agent.
In plain english: no-one can help you. Sorry.

J.
0
 
rae_raeAuthor Commented:
Thanks for letting me come to some filnality on this. It's sad though that a user who forgot thier key can't get into the system even with thier user name and password; I setup the new system with all the old credentials...
0
 
PowerITCommented:
The key can be backed up: start certmgr.msc, doubleclick personal / certificates. Right click the certificate of the user which says EFS as intended purpose. Choose all tasks/export. Export WITH the private key to an external media.
Store the external media at a safe external location (like a banksafe). Rember the password used to when exporting the certificate.
This will help you next time.

J.
0
 
rae_raeAuthor Commented:
Thanks again.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 9
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now