Re: Newbee EFS can't decrypt

From: Steven Umbach (n9rou_at_n0spam-comcast.net)
Date: 02/04/04


Date: Wed, 04 Feb 2004 00:29:18 GMT

If you reinstalled the operating system then you may not be able to recover
those files even though your user account is the same name. Windows 2000 also
has a recovery agent for EFS decryption, as shown in the Efsinfo report, which
would be the built-in administrator on a standalone computer, so you may want
to try logging in with that account to try to decrypt files. You could also try
to see if the thumbprints match on the certificates by viewing your certificate:
run mmc in the Run box and add the Certificates snap-in for the user, where
you can view thumbprint info on the Details page. Of course, the matching EFS
private key used for decryption would still need to be on your computer, which it
should be unless you deliberately tried to export and delete it. See the links
below for more information on EFS. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B255742
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

"Mike Wegner" <mwegner1@hotmail.com> wrote in message
news:uCyYdkm6DHA.2412@TK2MSFTNGP09.phx.gbl...
> OK, I have a test folder that I decrypted about a year ago and suddenly I
> can't access any of the files in it. Sure enough I can't decrypt it either.
> I never made a recovery key using cipher, however after running efsinfo I
> get:
>
> C:\>EFSINFO /R /U /C dir h:\lanosrep
> h:\
> lanosrep: Encrypted
> Users who can decrypt:
> MY_DOMAIN\stanss [CN="Smith, Stan"]
> Certificate thumbprint: 9CDE D879 78AB B60B 99B9 8B41 FE44 B78B AFBC 6AA0
> Recovery Agents:
> MY_DOMAIN\Administrator [OU=EFS File Encryption Certificate, L=EFS, CN=Administrator]
> Certificate thumbprint: DE87 6F62 7BAA A9DC D597 FAB9 5D9F 259E E488 FE9A
>
> From that info I think I should be able to decrypt since I am "Stan Smith"
> and I also am the domain administrator. I have logged onto both the local
> machine and the server with both accounts but am not able to decrypt. Can I
> save myself here, or am I screwed?
>
>
>
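
The thumbprint comparison described in the reply above, as an added PowerShell example (not part of the original posts, and PowerShell postdates the Windows 2000 tooling discussed here). It parses the EFSINFO output quoted in the thread and reports whether each listed thumbprint has a certificate with a private key in the logged-on user's Personal store; the function name `Get-EfsInfoThumbprint` is hypothetical.

```powershell
# Constructed sample: the EFSINFO output quoted in this thread, wrapped lines rejoined.
$efsinfo = @'
h:\
lanosrep: Encrypted
  Users who can decrypt:
    MY_DOMAIN\stanss [CN="Smith, Stan"]
    Certificate thumbprint: 9CDE D879 78AB B60B 99B9 8B41 FE44 B78B AFBC 6AA0
  Recovery Agents:
    MY_DOMAIN\Administrator [OU=EFS File Encryption Certificate, L=EFS, CN=Administrator]
    Certificate thumbprint: DE87 6F62 7BAA A9DC D597 FAB9 5D9F 259E E488 FE9A
'@

# Hypothetical helper: pull each thumbprint out of EFSINFO text and tag it
# with the section it appeared under (user or recovery agent).
function Get-EfsInfoThumbprint {
    param([string]$Text)
    $role = $null
    foreach ($line in $Text -split "`r?`n") {
        if     ($line -match 'Users who can decrypt') { $role = 'User' }
        elseif ($line -match 'Recovery Agents')       { $role = 'RecoveryAgent' }
        elseif ($line -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            [pscustomobject]@{
                Role       = $role
                # EFSINFO prints groups of four hex digits; the store uses no spaces.
                Thumbprint = ($Matches[1] -replace '\s', '').ToUpper()
            }
        }
    }
}

# Certificates in the logged-on user's Personal store, keyed by thumbprint.
$store = @{}
Get-ChildItem Cert:\CurrentUser\My | ForEach-Object { $store[$_.Thumbprint] = $_ }

# One row per thumbprint on the file: is the certificate here, and its private key?
foreach ($entry in Get-EfsInfoThumbprint -Text $efsinfo) {
    $cert = $store[$entry.Thumbprint]
    [pscustomobject]@{
        Role          = $entry.Role
        Thumbprint    = $entry.Thumbprint
        CertInStore   = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
    }
}
```

Run it under each account in turn; decryption requires a row where HasPrivateKey is True for the account that is logged on.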


