EFS on Windows XP user can not open EFS protected files after changing user name and password

I have a WIndows XP Prof. user who can not open some EFS files after turning on EFS for some files and folders and then later changing his user name and password.

The user said he was changing passwords and even user names after he had setup EFS for some files and folders and now can not open the EFS protected files.  He does not have a EFS password recovery file etc..

He is not sure what the password originally was and he said he even changed the user name etc..  He is not sure about the orig. user name or password.

Is there a way to be able to open these files?  Some of the files are important TurboTax files and some are pictures that are important to the user.

I have read if you change the password back to the one used when EFS was turned on for that file or folder that would work.  But he can not remember the password and he even changed the user name.

I also read if you copy to FAT32 (not NTFS like the disk drive XP is using that EFS is not kept....

Not sure if it is as easy as removing the hard drive, connecting to USB to IDE or SATA harness and copying the files to another NTFS or FAT hard drive etc...  Also, in XP I am not sure the administrator account could help if enabled etc..

Thanks
rdwolfAsked:
Who is Participating?
 
☠ MASQ ☠Connect With a Mentor Commented:
EFS won't work on a FAT32 format but changing from NTFS to FAT32 won't undo it.

EFS links the Hash of username/password as the key to decrypt so unless the original account name and password is restored the files will remain inaccessible.

Forced change of password using boot CD tools has the same effect

http://technet.microsoft.com/en-us/library/cc700811.aspx

If you have a DRA installed you might just be able to help
http://technet.microsoft.com/library/cc722672.aspx
0
 
huacatConnect With a Mentor Commented:
I remember EFS could recovery by user cert.
Also we can use saminside(http://www.insidepro.com/eng/saminside.shtml) to recovery the password.
Boot the system using a usb stick or boot-able CD, and run Saminside to import the system registry information, then try to crack the password.

Change user name & password, the EFS folder  should be  recoverable, but if the user delete the user and create the user again, I'm afraid we can't recover it forever.
See http://support.microsoft.com/kb/290260 for more information
0
 
rdwolfAuthor Commented:
Thanks for the help.  The info. is useful.  I will try, if possible, next week but it seems the user has changed the user name and can not remember the old user name now.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.