Link to home
Start Free TrialLog in
Avatar of Edgar Cole
Edgar ColeFlag for United States of America

asked on

How can I retrieve my encrypted folder?

After performing a clean install of Windows 10, I no longer have access to an encrypted folder I created on an external drive under the old system (Windows 7). In fact, when I plug that disk into the USB port, the encrypted folder doesn't even show up in the drive' s content list! I've tried using the properties dialog to regain access, but I'm not sure what to do. Is there any way to get that folder back?
Avatar of Don
Don
Flag of United States of America image

Clean install??? You can't....if you did an upgrade install you would have been able to
when you encrypt folders windows prompts you to save the certificate.. you have to import that certificate and probably take ownership of the folder that contains the encrypted files, ( takeown /f x:\path /r /d n) and then you can decrypt the files. If you don't know where the certificate export that windows prompted you to save then these files are garbage.
Avatar of Edgar Cole

ASKER

I can restore the environment under which I encrypted that folder, but I still might not be able to find the certificate. Under that scenario, what options would I have?
If you restore, you should be able to use the certificate MMC/user account to export the certificate+private key (pfx) or decrypt the contents of the folder on the external drive, and then re-encrypt it with the new system.
There are no options if you can not get the certificate.
I thought that I might be able to find those files in my backups and then use MMC in the new system to take ownership. Unfortunately, I don't know what those files are called or where to look for them.
Backups have to have been made prior to the encryption.  even the backed up files would be encrypted when restored as that would defeat the purpose if all someone had to do was to backup the files, and then restore them effectivly stripping the encryption.

without the certificate/private key. You are simply out of lack.
I guess what I meant to say was that I don't know where the certificates are stored and what they are called. If they are in a database, then I guess I would have to try retrieving that.
The data is within the registry and are not reachable unless you boot the system, run mmc, and then add/remove the certificate snap-in for your user. There you should see the EFS certificate which you then can export (including the private key) as a .pfx file.
You can then import the .pfx file onto the new system and regain access to the data within the encrypted files.

You mentioned that you have a way to reestablish the previously running system, it does not have to be on the same hardware, but it does need to run (VM will work as well)
SOLUTION
Avatar of Edgar Cole
Edgar Cole
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
After creating a VMDK file and configuring it using VMware player, I can't get the guest OS (Windows 7 x64) to start. To no avail, I tried using the repair tools. I'm at the point where it's offering to "reset" the PC. I'm willing to try that route, as long as I understand the ramifications. The following is the screen being presented:

User generated image
As long as the changes VMware will make are confined to the virtual disk, I'm good to go. My other concern is where it will get the image with which to restore Windows. The original Windows 7 was an OEM version. On the other hand, the virtual disk might contain the original recovery partition. Can someone clarify this for me?
I think it is trying to load from the recovery partition versus from the bootable OS.
That is the difficulty depending on what the acronis image you have and what it means.

try reset and see what the resulting VM has. It might present you the option where you can see the date when the backup was created and what to restore.

With the VM you can try as many times as is necessary as at this point, you can consider access to the files as lost. With the possible pleasant surprise if your restore attempt succeed and are such that the certificate that was used to encrypt the data is the certificate that exists within the VM.
During bootup selection after the recovery bootup, did you have an option to choose from which partition within the TIB to boot.
I am abandoning my quest to recover the encrypted files!

This discussion went off on a tangent, which was of my own creation. I apologize for that. My original strategy was to restore the Windows 7 environment so that I could decrypt the folder. For reasons unknown, the decryption process was not completed. By the time I realized that, I had already restored Windows 10 and no longer had the requisite authority.

I tried pursuing a strategy that would make switching between the two operating systems a lot faster. Consequently, I investigated dual-boot and virtual machines. Unfortunately, I failed to implement either. Diagnosing the reasons for my failure is probably best left to a separate discussion.

I still have all of the pieces on hand in the event I decide to pursue this again. For example, I have a much smaller (40 GB) True Image backup of the original Windows 7 environment. That might be easier to manage than the 700+ gigabyte image I've been wrestling with throughout this exercise. More likely than not, I'm going to attempt to put that in its own partition on the internal hard drive. The problem I encountered before was that I was unable to assign a drive letter to the partition I created for that purpose. Windows kept telling me that I needed to convert the disc into a dynamic disk. I think my other option was to delete the fifth partition, which was identified as a recovery partition. Unfortunately, Windows would not let me do that either. I believe it will take a third-party product to accomplish that task.

I want to thank and give credit to those who contributed their expertise in an effort to assist me. Perhaps their contributions and my struggles will be of benefit to the next person.
My comment is intended to summarize my experience and should not be interpreted as a solution. I just wanted to make that clear to anyone else who might come across  this discussion.