Re: Encrypting File System

From: Carey Frisch [MVP] (mrxp2004_at_nospamyahoo.com)
Date: 05/11/04


Date: Tue, 11 May 2004 11:39:59 -0500

Before you encrypt anything important, you should back up your
personal encryption certificate (with its associated private key)
and the recovery agent certificate to a floppy disk and store it in
a secure location. If you ever lose your original certificate
(because of a hard disk failure, for example), you can restore
the backup copy and regain access to your files. If you lose all
copies of your certificate (and no recovery agent certificates exist),
you won't be able to use your encrypted files. No back door exists,
nor is there any practical way to hack these files.
(If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/deploy/CryptFS.asp

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741

Possible third-party solution:

Advanced EFS Data Recovery 1.30
http://www.softempire.com/advanced-efs-data-recovery.html

-- 
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Be Smart!  Protect your PC!
http://www.microsoft.com/security/protect/
-----------------------------------------------------------------------------------------------------------
"Captain Smegma" <charles at matchwalk dot com> wrote in message:
 news:45C2A4CA-027E-4D0B-8B73-271A39984D2D@microsoft.com...
| I recently had to re-install my OS from scratch. Whilst there's nothing unusual about that, I made the error of not decrypting some data I had on another disk first. Was that ever a mistake!
| I looked for assistance in the Help system and found several items of interest - eventually. The Help seems to say that, in order to decrypt folders and files, you have to be a Recovery Agent. OK - how do I get to be one? I find the instructions to create myself as a recovery agent and follow them to the letter. Actually, that's not quite true - the last step is described incorrectly in the Help file, although well enough to make me think I was doing what was required. And that's where everything stops. The process does not work, at least, not for me. I've logged on as the Administrator, who should have that right automatically assigned, and nothing happens. I've logged on as the first of two accounts created after installation of the OS - creating new accounts as the Administrator is supposed to transfer the status of default recovery agent to the first-created account - and again, nothing happens. I get the feeling from the Help text that there should be a file called *.cer somewhere but I cannot locate one.
| I've tried everything I can think of to get around the problem of not having the original private key and NOTHING works for me. I've tried local restoration, remote restoration, doing a backup and restoring to a FAT32 partition - everything that I can think of. The question is now - presumably Microsoft would allow encrypted data to be decrypted by someone without the relevant key? Of course they would - it says so in the Help system. But IT DOESN'T WORK LIKE IT SAYS ON THE PACKET! I'm getting increasingly frustrated and need to know what I'm doing wrong or what extra slip of information I'm currently missing. Can anybody help, please?
| Thanks in advance.
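The advice at the top of the reply (back up the personal EFS certificate with its private key and the recovery agent certificate before anything goes wrong) is the one step that would have saved the original poster. The script below is an added example, not code from the thread or from Microsoft: it finds the current user's EFS certificate(s) and any Data Recovery Agent certificate this account holds, exports each to a password-protected PFX, and reloads the file to confirm the private key is actually inside it. It assumes Windows 8 / Server 2012 or later, where Export-PfxCertificate ships in the built-in PKI module; the EKU OIDs are Microsoft's well-known EFS and File Recovery identifiers, and the backup folder is a placeholder you would point at removable media. On Windows XP the Certificates MMC snap-in described in the KB articles above does the same job by hand.

```powershell
# Added example (not from the thread or from Microsoft): back up the current
# user's EFS certificate with its private key, plus any Data Recovery Agent (DRA)
# certificate this account holds, to password-protected PFX files, then verify
# that the private key actually travelled with each certificate.
# Assumes Windows 8 / Server 2012 or later (Export-PfxCertificate, PKI module).

# Well-known Microsoft EKU OIDs: EFS (user certificate) and File Recovery (DRA).
$EfsEku         = '1.3.6.1.4.1.311.10.3.4'
$EfsRecoveryEku = '1.3.6.1.4.1.311.10.3.4.1'

# Where to write the backups. Placeholder for the example; in practice point this
# at removable media and keep it somewhere other than the encrypted volume.
$BackupDir = Join-Path $env:USERPROFILE 'EFS-Backup'

function Get-CertificateEkuOids {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Read the Enhanced Key Usage extension directly from the certificate.
    $ext = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($null -eq $ext) { return @() }
    return @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
}

function Get-EfsCertificates {
    param([string]$Eku)
    # Only certificates whose private key is present locally are worth backing up;
    # a certificate without its key cannot decrypt anything.
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.HasPrivateKey -and ((Get-CertificateEkuOids -Cert $_) -contains $Eku) }
}

function Export-EfsBackup {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Label,
        [securestring]$Password
    )
    $file = Join-Path $BackupDir ('{0}-{1}.pfx' -f $Label, $Cert.Thumbprint)
    Export-PfxCertificate -Cert $Cert -FilePath $file -Password $Password | Out-Null

    # Verify: reload the PFX and make sure it carries the private key. A backup
    # of the public certificate alone would be useless for recovery.
    $reloaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file, $Password)
    if (-not $reloaded.HasPrivateKey) {
        throw "Backup $file contains no private key; the key may be non-exportable."
    }
    return $file
}

# --- main ---
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

$userCerts = @(Get-EfsCertificates -Eku $EfsEku)
if ($userCerts.Count -eq 0) {
    Write-Warning 'No EFS certificate with a private key found in the user store; nothing to back up.'
}
foreach ($c in $userCerts) {
    $out = Export-EfsBackup -Cert $c -Label 'efs-user' -Password $pfxPassword
    Write-Host ('Backed up EFS certificate {0} -> {1}' -f $c.Thumbprint, $out)
}

$draCerts = @(Get-EfsCertificates -Eku $EfsRecoveryEku)
if ($draCerts.Count -eq 0) {
    Write-Warning 'This account holds no Data Recovery Agent private key; if the user key is lost there is no second way in.'
}
foreach ($c in $draCerts) {
    $out = Export-EfsBackup -Cert $c -Label 'efs-dra' -Password $pfxPassword
    Write-Host ('Backed up DRA certificate {0} -> {1}' -f $c.Thumbprint, $out)
}
```

Run it in the account that encrypted the files; the DRA check only sees keys held by that account, so on a machine where no recovery agent was ever designated it will warn, which is exactly the situation the original poster ended up in. To see which user and recovery certificates can open a particular file, `cipher /c <file>` lists them by thumbprint, so you can confirm the thumbprint you backed up is one of them before the reinstall rather than after.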

