Re: Cannot access files using backed-up EFS key...

Wow 531 keys. I can't say that I have ever seen that many unless it means
FEK. The important thing is that it indicates that almost all your files can
be recovered. I don't believe that the numbers you see in the folder are the
thumbprints. I don't know if Microsoft would do a free support call for your
situation but you could call and ask. If not the Elcomsoft product would be
a more economical way to go.

The other option is to try and get your system to start. However I would be
sure to backup the RSA folder right away to make sure you have those private
keys no matter what. If you have not tried it yet try booting into Safe Mode
or boot with last known good configuration that you see in the alternate
start menu when you try to boot into Safe Mode. If you feel comfortable
using it you could also try using Recovery Console to try and repair the
system which may involve disabling non critical services or drivers that are
causing the problem. However the problem could be hardware related. I have
sometimes had success putting a hard drive into another computer as the
primary and then starting it up and plug and play reconfigured enough to
allow it to start up in the other computer. You could also try loading the
system registry hive for HKLM for the problem operating system from the
operating system that you currently are using and making sure that the
registry value below is set to the value shown. Start regedit and highlight
HKLM. then select file - load hive. Navigate to windows\system32\config for
the problem operating system and find system and then hit open. Give a name
to that hive. Expand HLKM, find the name, open it and go to the key below
and make sure that value is as shown. When done highlight the hive you named
and go to file and select unload hive. Then try again to get the operating
system to boot. Another thing I occasionally try in a problem system is to
make a backup of the windows\system32\config folder [so you can always get
back to where you were] and then copy the contents of the \windows\repair
folder to the windows\system32\config folder. --- Steve

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet1\Control\CrashControl\AutoReboot:
0x00000000

http://support.microsoft.com/kb/314058/ --- XP Recovery Console

"Lutz" <Lutz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4AE1BC9A-8F5B-4784-BA8F-91E18939BE5F@xxxxxxxxxxxxxxxx
Steve,

Thanks for all your help so far! It is most appreciated!

I have not formatted the drive so I don't have to worry about file
recovery
software. The only issue is that the system cannot be booted...crashes and
reboots and a repair install didn't help.

I browsed to "application data\Microsoft\crypto\rsa folder" on the drive
in
the external enclosure using the other computer and found 11 system files
that look like they begin with "thumbprint" IDs, but none of them match
the
thumbprint supposedly on my files. Am I correct in my assumption that one
should match the beginning of the file name?

I downloaded the free trial version of AEFSDR 3.0 and it found 531 keys, 4
of which could be decryped. (Is it normal to have that many?) A scan
showed
that all but 1 of over 5,000 files could be decrypted, and showed me the
first 512K of each to prove it. Thus, I know that method will work.

However, I'm wondering if there's a cheaper way. When you said paid help
of
Microsoft, do you mean Windows XP Support or something else? What I'm
thinking of is when you purchase a retail copy of Windows you get 2 free
support requests...does that count in this case? Could they help recover
my
files (low/no cost)?

Again, thank you for your help so far and eagerly awaiting your reply.
Lutz


.

Relevant Pages

  • Re: EFS - Lost Certificate, Access is denied
    ... certificates\private keys with a file recovery program and try to recover them to the proper folder. ... If you have a backup of your user profile for that computer/specific operating system install from a time when those certificates/private keys existed you could also try recovering them from that backup and copy to your user profile. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Built-in encryption questions
    ... keys, but as I said, all the documentation I can find is terribly involved ... > this folder private". ... >> If I get all this sorted out I'll use encryption but want some way to ... I see there are such things as recovery ...
    (microsoft.public.windowsxp.general)
  • Re: What is the path to recover Encryption keys from Formatted HD
    ... clarify where within the directory structure the keys are stored, ... to decrypt the folder. ... have used a data recovery tool to recover the Documents & Settings ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Protecting sensitive files on a Windows file server
    ... In EFS, it takes me 5 minutes to remove the recovery key from the ... Protecting sensitive files on a Windows file server ... You have to have backup keys in case the original ...
    (Security-Basics)
  • Re: Removing "BagsMRU" from registry
    ... Type regedit in Start Run and delete all these keys. ... By default the Remember each folder's view settings option is enabled. ... The changes you make to a folder's view is automatically saved when you close the folder. ... Group Policy adds this entry to the ...
    (microsoft.public.windowsxp.general)