Solved

EFS on Windows XP user can not open EFS protected files after changing user name and password

Posted on 2012-03-18
3
425 Views
Last Modified: 2012-03-24
I have a WIndows XP Prof. user who can not open some EFS files after turning on EFS for some files and folders and then later changing his user name and password.

The user said he was changing passwords and even user names after he had setup EFS for some files and folders and now can not open the EFS protected files.  He does not have a EFS password recovery file etc..

He is not sure what the password originally was and he said he even changed the user name etc..  He is not sure about the orig. user name or password.

Is there a way to be able to open these files?  Some of the files are important TurboTax files and some are pictures that are important to the user.

I have read if you change the password back to the one used when EFS was turned on for that file or folder that would work.  But he can not remember the password and he even changed the user name.

I also read if you copy to FAT32 (not NTFS like the disk drive XP is using that EFS is not kept....

Not sure if it is as easy as removing the hard drive, connecting to USB to IDE or SATA harness and copying the files to another NTFS or FAT hard drive etc...  Also, in XP I am not sure the administrator account could help if enabled etc..

Thanks
0
Comment
Question by:rdwolf
3 Comments
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 250 total points
ID: 37734837
EFS won't work on a FAT32 format but changing from NTFS to FAT32 won't undo it.

EFS links the Hash of username/password as the key to decrypt so unless the original account name and password is restored the files will remain inaccessible.

Forced change of password using boot CD tools has the same effect

http://technet.microsoft.com/en-us/library/cc700811.aspx

If you have a DRA installed you might just be able to help
http://technet.microsoft.com/library/cc722672.aspx
0
 
LVL 6

Assisted Solution

by:huacat
huacat earned 250 total points
ID: 37737316
I remember EFS could recovery by user cert.
Also we can use saminside(http://www.insidepro.com/eng/saminside.shtml) to recovery the password.
Boot the system using a usb stick or boot-able CD, and run Saminside to import the system registry information, then try to crack the password.

Change user name & password, the EFS folder  should be  recoverable, but if the user delete the user and create the user again, I'm afraid we can't recover it forever.
See http://support.microsoft.com/kb/290260 for more information
0
 

Author Closing Comment

by:rdwolf
ID: 37761139
Thanks for the help.  The info. is useful.  I will try, if possible, next week but it seems the user has changed the user name and can not remember the old user name now.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
A short film showing how OnPage and Connectwise integration works.

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

5 Experts available now in Live!

Get 1:1 Help Now