Re: HELP!: Decrypting Files After Partial System Crash

From: EricMontague (ericmontague25@yahoo.com)
Date: 04/03/03 

From: ericmontague25@yahoo.com (EricMontague)
Date: 3 Apr 2003 10:31:53 -0800

Pete,

This is an excellent site, if only I had it a week ago, but I still
can't decrypt my files, but I know why. While I managed to to change
the machine SID using System Internals wonderful tool, the user ID
needs to be set to that of the old machine, what I believe is called
the RID. The web page you refered to talks about making changes to the
keys on the SAM hive, but I don't have any keys there and I believe it
is because the page was talking about restoring EFS in a
Domain-account environment, where as I am in a standalone Workgroup.

So the question is how can I change the the user ID?

PS - I already tried sequentially creating accounts until my number
came up, but apparently Windows remembers old, deleted numbers and
simply skips over them when they are called back into the sequence.

"Peter Clark" <clark@hushmail.com> wrote in message news:<06eb01c2f971$40b6d5e0$a001280a@phx.gbl>...
> http://www.beginningtoseethelight.org/efsrecovery/
>
>
> >-----Original Message-----
> >OK hot shots here's a real bear for you guys to wrap
> yourselves
> >around.
> >
> >This is the deal: recently my WIN2K hard drive suffered a
> massive
> >crash. Scan of the disk revealed permanent errors on the
> drive and
> >about 20-30 percent of the files were lost for good.
> However I was
> >able to salvage the remaining 80-70 percent (including
> most of the
> >Doc's & Settings, Prog Files, WINNT, System32\CONFIG, etc.
> >directories) and back them up accordingly to a stable drive.
> >
> >However a number of my data files were encrypted with EFS
> and while I
> >was able to restore them to my new partition, they remained
> >encrypted. My questions are thus:
> >
> >(1) Is there any way to use the old files to a create a
> PKS file?
> >(2) Where and what are the files and directories that
> WIN2K uses for
> >user EFS?
> >(3) My last resort is to retroactively create a 'ghost'
> image of my
> >old WIN2K system and on the good drive. This very time
> consuming and
> >when I tried it, it didn't work. Specifically the system
> booted and
> >proceeded all the way to the login is screen but I was
> unable to login
> >as all of my input devices where not activated. So the
> question is, if
> >this procedure is the only recourse, what is the best way
> to implement
> >this so I can actually login on decrypt my old files?
> >
> >T I A !!!!!!!!!!!
> >.
> >