Solved

EFS on Windows XP user can not open EFS protected files after changing user name and password

Posted on 2012-03-18
3
458 Views
Last Modified: 2012-03-24
I have a WIndows XP Prof. user who can not open some EFS files after turning on EFS for some files and folders and then later changing his user name and password.

The user said he was changing passwords and even user names after he had setup EFS for some files and folders and now can not open the EFS protected files.  He does not have a EFS password recovery file etc..

He is not sure what the password originally was and he said he even changed the user name etc..  He is not sure about the orig. user name or password.

Is there a way to be able to open these files?  Some of the files are important TurboTax files and some are pictures that are important to the user.

I have read if you change the password back to the one used when EFS was turned on for that file or folder that would work.  But he can not remember the password and he even changed the user name.

I also read if you copy to FAT32 (not NTFS like the disk drive XP is using that EFS is not kept....

Not sure if it is as easy as removing the hard drive, connecting to USB to IDE or SATA harness and copying the files to another NTFS or FAT hard drive etc...  Also, in XP I am not sure the administrator account could help if enabled etc..

Thanks
0
Comment
Question by:rdwolf
3 Comments
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 250 total points
ID: 37734837
EFS won't work on a FAT32 format but changing from NTFS to FAT32 won't undo it.

EFS links the Hash of username/password as the key to decrypt so unless the original account name and password is restored the files will remain inaccessible.

Forced change of password using boot CD tools has the same effect

http://technet.microsoft.com/en-us/library/cc700811.aspx

If you have a DRA installed you might just be able to help
http://technet.microsoft.com/library/cc722672.aspx
0
 
LVL 6

Assisted Solution

by:huacat
huacat earned 250 total points
ID: 37737316
I remember EFS could recovery by user cert.
Also we can use saminside(http://www.insidepro.com/eng/saminside.shtml) to recovery the password.
Boot the system using a usb stick or boot-able CD, and run Saminside to import the system registry information, then try to crack the password.

Change user name & password, the EFS folder  should be  recoverable, but if the user delete the user and create the user again, I'm afraid we can't recover it forever.
See http://support.microsoft.com/kb/290260 for more information
0
 

Author Closing Comment

by:rdwolf
ID: 37761139
Thanks for the help.  The info. is useful.  I will try, if possible, next week but it seems the user has changed the user name and can not remember the old user name now.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Seperate Windows 7 Purchases or Volume License... 13 211
Cannot Upgrade Microsoft Installer on Windows 2000 29 70
Upgrade or retire 8 96
Windows 10 -- Home to Pro upgrade ? 4 110
If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question