Solved

EFS on Windows XP user can not open EFS protected files after changing user name and password

Posted on 2012-03-18
3
473 Views
Last Modified: 2012-03-24
I have a WIndows XP Prof. user who can not open some EFS files after turning on EFS for some files and folders and then later changing his user name and password.

The user said he was changing passwords and even user names after he had setup EFS for some files and folders and now can not open the EFS protected files.  He does not have a EFS password recovery file etc..

He is not sure what the password originally was and he said he even changed the user name etc..  He is not sure about the orig. user name or password.

Is there a way to be able to open these files?  Some of the files are important TurboTax files and some are pictures that are important to the user.

I have read if you change the password back to the one used when EFS was turned on for that file or folder that would work.  But he can not remember the password and he even changed the user name.

I also read if you copy to FAT32 (not NTFS like the disk drive XP is using that EFS is not kept....

Not sure if it is as easy as removing the hard drive, connecting to USB to IDE or SATA harness and copying the files to another NTFS or FAT hard drive etc...  Also, in XP I am not sure the administrator account could help if enabled etc..

Thanks
0
Comment
Question by:rdwolf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 250 total points
ID: 37734837
EFS won't work on a FAT32 format but changing from NTFS to FAT32 won't undo it.

EFS links the Hash of username/password as the key to decrypt so unless the original account name and password is restored the files will remain inaccessible.

Forced change of password using boot CD tools has the same effect

http://technet.microsoft.com/en-us/library/cc700811.aspx

If you have a DRA installed you might just be able to help
http://technet.microsoft.com/library/cc722672.aspx
0
 
LVL 6

Assisted Solution

by:huacat
huacat earned 250 total points
ID: 37737316
I remember EFS could recovery by user cert.
Also we can use saminside(http://www.insidepro.com/eng/saminside.shtml) to recovery the password.
Boot the system using a usb stick or boot-able CD, and run Saminside to import the system registry information, then try to crack the password.

Change user name & password, the EFS folder  should be  recoverable, but if the user delete the user and create the user again, I'm afraid we can't recover it forever.
See http://support.microsoft.com/kb/290260 for more information
0
 

Author Closing Comment

by:rdwolf
ID: 37761139
Thanks for the help.  The info. is useful.  I will try, if possible, next week but it seems the user has changed the user name and can not remember the old user name now.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question