If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
File Decryption
Hi all,
I've recently reinstalled Windows following a terminal crash. Unfortunately, I now can't access various documents (including My Briefcase) as I had them encrypted on my process installation of XP. I have searched the forums which tell me I need my encryption keys to decrypt them. I have the 'System Files' backed up from my previous installation. Does anyone know if the keys are in these backups and how I would use them? If not, is there any other way of decrypting the files. Thanks for any help, Matt. |
Ads |
#2
|
|||
|
|||
I don't know whether the system files would include the keys, but I'd
certainly take a look. When you reinstall Windows, or install Windows on a blank harddrive (which is the safer thing to do, so that you make sure that you data isn't overwritten when Windows reinstalls), you can tell Windows to reinstall using Automated System Recovery. I think that if you do this, and if keys are present, Windows will reinstall the keys. You can then export the keys to a floppy, and then reinstall the keys to the original hard drive. "The Stoat" wrote: Hi all, I've recently reinstalled Windows following a terminal crash. Unfortunately, I now can't access various documents (including My Briefcase) as I had them encrypted on my process installation of XP. I have searched the forums which tell me I need my encryption keys to decrypt them. I have the 'System Files' backed up from my previous installation. Does anyone know if the keys are in these backups and how I would use them? If not, is there any other way of decrypting the files. Thanks for any help, Matt. |
#3
|
|||
|
|||
"The Stoat" wrote in message
... Hi all, I've recently reinstalled Windows following a terminal crash. Unfortunately, I now can't access various documents (including My Briefcase) as I had them encrypted on my process installation of XP. I have searched the forums which tell me I need my encryption keys to decrypt them. I have the 'System Files' backed up from my previous installation. Does anyone know if the keys are in these backups and how I would use them? If not, is there any other way of decrypting the files. Did you export the EFS certificate? If not, say bye-bye to those files. If you had several thousand, maybe millions, of computers you might be able to decrypt those files in a few years. Start - Help and Support , search on "EFS export". How good are your backups (from where you got the old encrypted data files)? Do you have a full backup sometime after you created the EFS certificate? What I'm thinking is that you create a new account under the new instance of Windows which has the same username and password as before. It's SID (security identifier) recorded in the SAM database and registry won't be the same but maybe that is not required. Then use your backups to recover that old user profile to put those files under your new same-named profile path. Then login as that old username using the same old password. Because the SID for the *new* account with the same username will be different than before, the NTFS permissions will list a SID that is not defined under that new instance of Windows as the owner of those files. You will need to remove that old SID from the security for your profile (and all files under it) using an admin account so you can take ownership of it or give it to the new same-named account. Even when I had the EFS certificate to import, I could not access my encrypted files (after importing the EFS certificate) until I added my new account (by the same old username) to the security access list for those files. Ownership and permissions in NTFS are tracked by the SID for the accounts or groups. When you create a new account, even by the same username, the SID will be unique. However, that old SID under the old instance of Windows is undefined under the new instance of Windows. For file permissions under the Security tab, you'll see some "S-bunchnumbers" account listed with full permissions and as the owner. That's your old SID under the old instance of Windows. Remove it and add yourself as the new owner of the file, or add a group to have permissions to which your new account belongs. I'm not sure that creating a new account using the same old username *AND* the same old password (so you'll need to know the password) along with doing a restore from backups for all files under your profile path for that new account (%userprofile%) will work, even after fixing the NTFS permissions to allow your new account to be owner or have full permissions. The SID for your new same-named account will be different than before. From what I read at: http://support.microsoft.com/?id=322346 The SID is not involved in generating the private or public keys for the EFS certificate (that you probably never exported). However, if you didn't do backups then you have no old profile to restore. If you don't remember the old password to use in the new same-named account, you have no way to duplicate the hash that got used in generating your encryption keys. And I don't know if the above will work or if you are capable of performing it and maybe digging out from any pitfalls during the process, so not have an exported copy of the EFS certificate means you lost those files. -- __________________________________________________ E-mail: Remove "NIX" and add "#LAH" to Subject. __________________________________________________ |
#4
|
|||
|
|||
Postscript to what I wrote previously: I think that the Automated System
Recovery option will automatically format a hard drive before restoring, so be sure to use a blank hard drive if you try Automated System Restore. Otherwise, you might accidentally delete your data. "sigmund" wrote: I don't know whether the system files would include the keys, but I'd certainly take a look. When you reinstall Windows, or install Windows on a blank harddrive (which is the safer thing to do, so that you make sure that you data isn't overwritten when Windows reinstalls), you can tell Windows to reinstall using Automated System Recovery. I think that if you do this, and if keys are present, Windows will reinstall the keys. You can then export the keys to a floppy, and then reinstall the keys to the original hard drive. "The Stoat" wrote: Hi all, I've recently reinstalled Windows following a terminal crash. Unfortunately, I now can't access various documents (including My Briefcase) as I had them encrypted on my process installation of XP. I have searched the forums which tell me I need my encryption keys to decrypt them. I have the 'System Files' backed up from my previous installation. Does anyone know if the keys are in these backups and how I would use them? If not, is there any other way of decrypting the files. Thanks for any help, Matt. |
#5
|
|||
|
|||
The Stoat wrote:
Hi all, I've recently reinstalled Windows following a terminal crash. Unfortunately, I now can't access various documents (including My Briefcase) as I had them encrypted on my process installation of XP. I have searched the forums which tell me I need my encryption keys to decrypt them. I have the 'System Files' backed up from my previous installation. Does anyone know if the keys are in these backups and how I would use them? If not, is there any other way of decrypting the files. Hi, That depends on what your 'System Files' backup contains. The data can be recovered in some cases even if you didn't export the encryption certificate: Here is an extract from http://www.beginningtoseethelight.org/efsrecovery/ quote if you have following folders and their contents from the orginal install of 2k or xp - you can recover you efs data. knowledge of your password is also required for this amount of data. c:\documents and settings\foo\application data\microsoft\crypto\ - private keys c:\documents and settings\foo\application data\microsoft\protect\ - locks your current password to your private keys c:\documents and settings\foo\application data\microsoft\systemcertificates\ - public keys (not essential to be the orginal as another valid key can be madeup) this data maybe on an unbootable system, a backup, roaming profile or currently on the system, either in the file system or in the free space. /quote -- torgeir, Microsoft MVP Scripting, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scr...r/default.mspx |
#6
|
|||
|
|||
Thanks all for the replies. I do have the original, non-bootable hard drive
which is still accessible. In the 'Documents and Settings' folder there are three user folders: Matt (me), All Users and Default User. The Matt folder is inaccessible. The All Users folder has the crypto folder but can't find the 'protect' or 'systemcertificates' folder. Is this enough or do I need more files? And what do I do with them once I have them? Sorry for so many questions - I'm a bit uneducated with file encrytion! Thanks for your help. Matt. "Torgeir Bakken (MVP)" wrote: The Stoat wrote: Hi all, I've recently reinstalled Windows following a terminal crash. Unfortunately, I now can't access various documents (including My Briefcase) as I had them encrypted on my process installation of XP. I have searched the forums which tell me I need my encryption keys to decrypt them. I have the 'System Files' backed up from my previous installation. Does anyone know if the keys are in these backups and how I would use them? If not, is there any other way of decrypting the files. Hi, That depends on what your 'System Files' backup contains. The data can be recovered in some cases even if you didn't export the encryption certificate: Here is an extract from http://www.beginningtoseethelight.org/efsrecovery/ quote if you have following folders and their contents from the orginal install of 2k or xp - you can recover you efs data. knowledge of your password is also required for this amount of data. c:\documents and settings\foo\application data\microsoft\crypto\ - private keys c:\documents and settings\foo\application data\microsoft\protect\ - locks your current password to your private keys c:\documents and settings\foo\application data\microsoft\systemcertificates\ - public keys (not essential to be the orginal as another valid key can be madeup) this data maybe on an unbootable system, a backup, roaming profile or currently on the system, either in the file system or in the free space. /quote -- torgeir, Microsoft MVP Scripting, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scr...r/default.mspx |
#7
|
|||
|
|||
The Stoat wrote:
Thanks all for the replies. I do have the original, non-bootable hard drive which is still accessible. In the 'Documents and Settings' folder there are three user folders: Matt (me), All Users and Default User. The Matt folder is inaccessible. The All Users folder has the crypto folder but can't find the 'protect' or 'systemcertificates' folder. Is this enough or do I need more files? You will need to get into the "Matt" folder, it is there where the necessary data is. Taking ownership should help: "Access is Denied" Error Message When You Try to Open a Folder http://support.microsoft.com/default...b;en-us;810881 HOW TO: Take Ownership of a File or Folder in Windows XP http://support.microsoft.com/default...b;en-us;308421 Note this one from KB308421: quote If you are running Microsoft Windows XP Home Edition, you must start the computer in safe mode, and then log on with an account that has Administrative rights to have access to the Security tab. /quote And what do I do with them once I have them? That is described he http://www.beginningtoseethelight.org/efsrecovery/ Sorry for so many questions - I'm a bit uneducated with file encrytion! Thanks for your help. Matt. -- torgeir, Microsoft MVP Scripting, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scr...r/default.mspx |
#8
|
|||
|
|||
File Decryption
Hi there,
I have same problem like you with my files and nobody could find a solution. I reinstall the fresh Win XP Pro and now i have no access to all of my files which were encrypted before reinstalling new windows. I think we have to forget those files. Sami, "The Stoat" wrote: Hi all, I've recently reinstalled Windows following a terminal crash. Unfortunately, I now can't access various documents (including My Briefcase) as I had them encrypted on my process installation of XP. I have searched the forums which tell me I need my encryption keys to decrypt them. I have the 'System Files' backed up from my previous installation. Does anyone know if the keys are in these backups and how I would use them? If not, is there any other way of decrypting the files. Thanks for any help, Matt. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
oops | needlove | Performance and Maintainance of XP | 5 | July 8th 05 04:49 PM |
Sophisticated(!) copying in DOS | RJB | General XP issues or comments | 58 | June 9th 05 10:02 PM |
Can't install Critical Update for Windows XP Media Center Edition2004 (KB838358) | Ant | Windows XP Help and Support | 7 | May 19th 05 03:21 AM |
here is just my error log from xp | j.natas | Performance and Maintainance of XP | 1 | April 3rd 05 04:30 PM |
finding "My Documents" from a shell in Windows XP | Thant Tessman | General XP issues or comments | 5 | October 14th 04 04:42 PM |