Cannot decrypt my backed up encrypted files


Thoreau

Golden Member
Jan 11, 2003
1,441
0
76
Originally posted by: computer
Originally posted by: STaSh
There has GOT to be a way, a program, some trick to be able to view these files. I could KILL M$ for not giving any kind of warning about this!! Those bastards drive you INSANE with "are you sure......." "are you sure......." "are you sure......." "are you sure......." blah blah for every friggin' thing you try to do on a Windows OS of which none of IT is even necessary!!!!! Something as serious as this, and these ass-wipes don't give one comment about it when encrypting a folder!!! THAT is just TOTALLY SENSELESS!!!!!!! Backwards A$$holes

I don't know who or what M$ is, but let's assume you are ranting about Microsoft. There are volumes of documentation on our website and on your PC about this very topic. This is the reason why we have recovery agents. There are numerous documents, help files, even forums like this that tell you that you must back up the private key.

Why would you expect encryption to have some kind of back door "some trick to be able to view these files"? Then why did you encrypt it? Please tell me what the point of an encryption scheme with a backdoor would be?

Encryption comes down to some pretty basic math. At a very basic level, you have two keys. Your data is encrypted with one key and can be decrypted only by the other key. You cannot discover what one key is by using the other. Bottom line, if you do not have the key that can decrypt the data that was encrypted by the other key, you aren't getting that data. Unless you want to brute force it. Any encryption can be brute forced. But the idea behind encryption is how long would it take to brute force a key, and would it be worth it to someone to devote that much time to it?

But don't blame us for your mistake. Sorry, but this one's on you. Time to stop ranting, take responsibility for your data, and move on.
What the hell is your problem??? Who the hell is blaming YOU?????? If you have nothing to add regarding help, then your post is waste of bandwidth. I posted this here asking for HELP, NOT for wise ass comments.
Why would you expect encryption to have some kind of back door "some trick to be able to view these files"? Then why did you encrypt it? Please tell me what the point of an encryption scheme with a back door would be?
FYI, what makes you think nothing can be cracked and everything is secure????? There is a crack to EVERYTHING, it's just a matter of finding it! EVERYTHING has a back door. All the "volumes of information" you speak of are meaningless AFTER THE FACT. Not many make a habit of visiting forums regarding "privacy keys". ONCE AGAIN; IF THERE IS DANGER OF THIS HAPPENING, AND IT OBVIOUSLY DID, then WHY DOESN'T M$ put yet another one of their PopUp comments THAT IS ACTUALLY USEFUL for a change, stating: "WARNING, YOU WILL NOT BE ABLE TO DECRYPT THESE FILES ON ANOTHER PC WITHOUT SAVING THE ENCRYPTION KEY". NOTHING is said about that. There is no warning info on encryption before you try to encrypt something the way there is before you run just about everything else on Windows. For example: when you dump the damn Recycle Bin there is warning that the data will be deleted. DUUUUHHHHHHHHHH. It's the friggin' Recycle Bin, if you dump it, it's GONE. Yet they place another one of their warnings there for something as obvious as that, yet leave anything regarding encryption WIDE OPEN.

I really appreciate the replies of those that have tried to HELP. If anyone has nothing to add regarding HELP on how to decrypt my "My Documents" files, then kindly refrain from condescending comments. Thank you. "Woulda, shoulda, coulda, why," etc., is irrelevant. What's done IS DONE. I ask for help/info on getting back "My Documents".
Thank you again.

I'm not gonna respond to 90% of what's in that post, but would you like to know why there aren't warnings on advanced settings like EFS? Because they're *ADVANCED* settings. If you start screwing around with those things MS assumes you have some clue about what you're doing. You don't see 'warnings' when modifying the IP address of a machine, or adding a user account to the administration group do you? Use some common sense, stop whining to everyone that you lost your data, because you did. Emphasis on you, and emphasis on did because there is zero way you are going to get that data back. Next time, don't use settings that you aren't familiar with and you can probably avoid messes like this altogether.
 

computer

Platinum Member
Nov 5, 2000
2,735
2
0
I'm going to try this again......

I just read this at that thread: "If you backup your Private Key (or perform a backup of your system state), then you can still get access to your files the next time you forget to decrypt them before formatting/reinstalling." I DID run the XP "Files and settings transfer wizard" during the backup. So, is that decryption key within it somewhere?
 

computer

Platinum Member
Nov 5, 2000
2,735
2
0
I'm not gonna respond to 90% of what's in that post, but would you like to know why there aren't warnings on advanced settings like EFS? Because they're *ADVANCED* settings. If you start screwing around with those things MS assumes you have some clue about what you're doing. You don't see 'warnings' when modifying the IP address of a machine, or adding a user account to the administration group do you? Use some common sense, stop whining to everyone that you lost your data, because you did. Emphasis on you, and emphasis on did because there is zero way you are going to get that data back. Next time, don't use settings that you aren't familiar with and you can probably avoid messes like this altogether.
If you don't like it, then LEAVE the thread. Obviously the only reason you came here was to be a jerk. Next time you post something asking for info or help, I'll go that thread and tell YOU to "stop YOUR whining".
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
What the hell is your problem??? Who the hell is blaming YOU?????? If you have nothing to add regarding help, then your post is waste of bandwidth. I posted this here asking for HELP, NOT for wise ass comments.

These were not wise ass comments. They were comments that were an attempt to inform you of your situation. Your private key is gone, therefore your data will not be decrypted unless you brute force it. As far as who is blaming me, it's not me personally. Look at my sig.

FYI, what makes you think nothing can be cracked and everything is secure????? There is a crack to EVERYTHING, it's just a matter of finding it! EVERYTHING has a back door

Please re-read the section of my post where I said "Any encryption can be brute forced". I am agreeing with you here. It will, however, take time. This is not a back door per se. It's simply a process to try every possible mathematical possibility.

There is no warning info on encryption before you try to encrypt something the way there is before you run just about everything else on Windows

There is also no warning when you change the permissions on a file. EFS is implemented as a function of NTFS, so it follows the same logic. When you encrypt a file with EFS you are changing some NTFS attributes on that file, just like when you change permissions on a file you are changing some different attributes.

EFS was designed to be seamless to the user, just as permissions. If you have the correct key, the file is decrypted, and you have access. If you have a user account that is on the ACL of a file with the correct permissions, you get access. Maybe there should be some kind of warning when you encrypt a file, but that goes against Microsoft's goal of a seamless user experience.

So I'm sorry you lost your data, I really am. I see this happen all the time, and I wish I could help. I did not intend to come across as condescending, but I am trying to tell you the reality of your situation. Yes, you can break the encryption absolutely. But by the time you do, the data may not have as much value to you as it does now.

Backing up your My Documents folder was a great idea. Unfortunately the key is stored in the profile, not the directory that you encrypt. As you mentioned, you may be able to recover the data from the formatted hard drive in the old machine. This is your best and really your only option. If the data is really valuable to you, you may want to spend the money to have a professional data recovery team try to get the key off the old drive.

I wish you (sincerely) the best of luck.
 

computer

Platinum Member
Nov 5, 2000
2,735
2
0
Maybe there should be some kind of warning when you encrypt a file, but that goes against Microsoft's goal of a seamless user experience.
"Seamless user experience"? Like I said, they give warnings for every other thing you do and even the obvious, so why not encryption.
So I'm sorry you lost your data, I really am. I see this happen all the time, and I wish I could help. I did not intend to come across as condescending, but I am trying to tell you the reality of your situation. Yes, you can break the encryption absolutely. But by the time you do, the data may not have as much value to you as it does now.

Backing up your My Documents folder was a great idea. Unfortunately the key is stored in the profile, not the directory that you encrypt. As you mentioned, you may be able to recover the data from the formatted hard drive in the old machine. This is your best and really your only option. If the data is really valuable to you, you may want to spend the money to have a professional data recovery team try to get the key off the old drive.

I wish you (sincerely) the best of luck.
Thank you. I don't need to be told of my situation, I'm FULLY aware of that. I simply want to know how to decrypt My Documents and if it cannot be done, then that's all that needs to be stated. ;)
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
Simply stated, without the private key you will not be able to decrypt the files, short of brute force.

If the old drive is hooked up to anything, I would immediately disconnect it and get it to a professional data recovery firm. That is your only chance to get the private key.
 

Adul

Elite Member
Oct 9, 1999
32,999
44
91
danny.tangtam.com
Originally posted by: Thoreau
Originally posted by: computer
Originally posted by: STaSh
There has GOT to be a way, a program, some trick to be able to view these files. I could KILL M$ for not giving any kind of warning about this!! Those bastards drive you INSANE with "are you sure......." "are you sure......." "are you sure......." "are you sure......." blah blah for every friggin' thing you try to do on a Windows OS of which none of IT is even necessary!!!!! Something as serious as this, and these ass-wipes don't give one comment about it when encrypting a folder!!! THAT is just TOTALLY SENSELESS!!!!!!! Backwards A$$holes

I don't know who or what M$ is, but let's assume you are ranting about Microsoft. There are volumes of documentation on our website and on your PC about this very topic. This is the reason why we have recovery agents. There are numerous documents, help files, even forums like this that tell you that you must back up the private key.

Why would you expect encryption to have some kind of back door "some trick to be able to view these files"? Then why did you encrypt it? Please tell me what the point of an encryption scheme with a backdoor would be?

Encryption comes down to some pretty basic math. At a very basic level, you have two keys. Your data is encrypted with one key and can be decrypted only by the other key. You cannot discover what one key is by using the other. Bottom line, if you do not have the key that can decrypt the data that was encrypted by the other key, you aren't getting that data. Unless you want to brute force it. Any encryption can be brute forced. But the idea behind encryption is how long would it take to brute force a key, and would it be worth it to someone to devote that much time to it?

But don't blame us for your mistake. Sorry, but this one's on you. Time to stop ranting, take responsibility for your data, and move on.
What the hell is your problem??? Who the hell is blaming YOU?????? If you have nothing to add regarding help, then your post is waste of bandwidth. I posted this here asking for HELP, NOT for wise ass comments.
Why would you expect encryption to have some kind of back door "some trick to be able to view these files"? Then why did you encrypt it? Please tell me what the point of an encryption scheme with a back door would be?
FYI, what makes you think nothing can be cracked and everything is secure????? There is a crack to EVERYTHING, it's just a matter of finding it! EVERYTHING has a back door. All the "volumes of information" you speak of are meaningless AFTER THE FACT. Not many make a habit of visiting forums regarding "privacy keys". ONCE AGAIN; IF THERE IS DANGER OF THIS HAPPENING, AND IT OBVIOUSLY DID, then WHY DOESN'T M$ put yet another one of their PopUp comments THAT IS ACTUALLY USEFUL for a change, stating: "WARNING, YOU WILL NOT BE ABLE TO DECRYPT THESE FILES ON ANOTHER PC WITHOUT SAVING THE ENCRYPTION KEY". NOTHING is said about that. There is no warning info on encryption before you try to encrypt something the way there is before you run just about everything else on Windows. For example: when you dump the damn Recycle Bin there is warning that the data will be deleted. DUUUUHHHHHHHHHH. It's the friggin' Recycle Bin, if you dump it, it's GONE. Yet they place another one of their warnings there for something as obvious as that, yet leave anything regarding encryption WIDE OPEN.

I really appreciate the replies of those that have tried to HELP. If anyone has nothing to add regarding HELP on how to decrypt my "My Documents" files, then kindly refrain from condescending comments. Thank you. "Woulda, shoulda, coulda, why," etc., is irrelevant. What's done IS DONE. I ask for help/info on getting back "My Documents".
Thank you again.

I'm not gonna respond to 90% of what's in that post, but would you like to know why there aren't warnings on advanced settings like EFS? Because they're *ADVANCED* settings. If you start screwing around with those things MS assumes you have some clue about what you're doing. You don't see 'warnings' when modifying the IP address of a machine, or adding a user account to the administration group do you? Use some common sense, stop whining to everyone that you lost your data, because you did. Emphasis on you, and emphasis on did because there is zero way you are going to get that data back. Next time, don't use settings that you aren't familiar with and you can probably avoid messes like this altogether.

Just do some research on settings that could be detrimental to your data.
 

NightCrawler

Diamond Member
Oct 15, 2003
3,179
0
0
EFS should come disabled and when you enable it should force you to create a recovery agent if you're using it as a standalone workstation. On a Domain it creates a recovery agent automatically.
 

computer

Platinum Member
Nov 5, 2000
2,735
2
0
Originally posted by: NightCrawler
Found this:

http://www.lostpassword.com/efs.htm
That looked promising, but you MUST have a password with it. I don't know what they expect you to do if a password was NEVER USED in the first place to encrypt! What do you use then? I entered no pass and it did not accept it. Yet, apparently that's all it needs to get the files back.
 

Mark R

Diamond Member
Oct 9, 1999
8,513
16
81
Originally posted by: drag
G94tgsd=@;l1UG£

Oh, they will definitely have a chance of getting that. A very good chance.


The keys are stored on the HD, in an encrypted form. The keys to the keys are based on a variety of information which windows has to hand, including the user's log-on password.

The keys to the keys? What keys you're talking about. You have public keys and private (or master) keys.

Are you telling me that the master key is generated every time and isn't stored anywhere? Because the public keys are accessible by everybody and that's their purpose.

And if the master key is generated every time it's used, how is it the same every time? Is it based on hardware stuff combined with passwords and if you move the system hard drive to another computer it then would be different?

Just trying to understand what you mean.

That password I demonstrated above is quite strong - It probably has about 70-80 bits of entropy in it. That'll take a LONG time to brute force. Given enough resources it can be broken, but look how much effort was needed to brute-force 64 bit RC5.

What I meant about the encryption keys was that the private key in the certificate is kept encrypted. It would be a major security weakness if the private key was simply left un-encrypted on the hard disk. In order to protect it adequately, it is encrypted with a hash of the user log-on password - so you need to know the hash (and therefore the password) before you can use the private key.
 

Psych

Senior member
Feb 3, 2004
324
0
0
I apologize to Computer for insulting him.

Anyway, please tell me that you have taken back the old hard drive from your dad, otherwise the chance of recovering anything will diminish by the moment. I think file and settings transfer wizard doesn't get the certificates for decryption because that is not its purpose; after all, it doesn't transfer the old account's password or anything. But I really could be wrong. Do you still have the settings file?
 

bsobel

Moderator Emeritus
Elite Member
Dec 9, 2001
13,346
0
0
That looked promising, but you MUST have a password with it. I don't know what they expect you to do if a password was NEVER USED in the first place to encrypt! What do you use then? I entered no pass and it did not accept it. Yet, apparently that's all it needs to get the files back.

You need the password to get access to the key storage. You do know the password (it's empty), but you (from what I've read) don't have the original key stores. Since those are generated at install they are different on every machine. Best writeup I've seen is here. Any chance you can get enough of your prior backups to get the files needed?

I admit that first reading through the entire thread I also was in the 'tough you did it yourself camp', but your statement about the files and settings wizard has merit. That tool should include some way of transferring the data you need (or at least remind you to un-encrypt your files before continuing the migration)

Bill
 

Fiveohhh

Diamond Member
Jan 18, 2002
3,776
0
0
Originally posted by: computer
Thank you. I don't need to be told of my situation, I'm FULLY aware of that. I simply want to know how to decrypt My Documents and if it cannot be done, then that's all that needs to be stated. ;)

It's been said many times you need the key, but you keep insisting there's a backdoor. That being said I'd get the old HD and use something like the r studio on it and hope you can get it back or if it's very important, send it off to a professional data recovery service.
 

Southerner

Member
Jun 21, 2001
129
0
0
In a hurry, haven't read the entire thread.

Got this on a mailing list. Might be worth looking at. Apologies if it's already been posted.

About EFS :
-----------

- EFS encryption is 3DES (unless you have a restricted export version of Windows), with a random FEK (File Encryption Key) for each file.
- FEK is encrypted with RSA, using the EFS User Certificate (Public Key).
- Eventually, the user Private Key is encrypted with his Windows Password.

So if you know the user password, you can decipher all EFS encrypted files. See "Advanced EFS Data Recovery" tool from ElcomSoft : http://www.elcomsoft.com/aefsdr.html
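
The key chain described in this thread (file encrypted under a random FEK, FEK wrapped with the profile's RSA public key, private key protected by a hash of the logon password), modelled as an added example that is not part of any post and is not Windows' EFS code. Textbook RSA without padding and a SHAKE-256 keystream with an HMAC tag stand in for the real RSA and 3DES; every name (`Profile`, `seal`, `demo`, ...) and the sample document are constructed for illustration.

```python
import hashlib, hmac, math, secrets

def is_prime(n, rounds=20):  # Miller-Rabin; callers pass odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keypair(bits=512, e=65537):
    """Toy textbook RSA without padding; returns (n, e, d)."""
    def prime():
        while True:
            c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if is_prime(c):
                return c
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)

def xor_stream(key, nonce, data):
    pad = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key, data):
    """Stand-in for 3DES: keystream XOR plus an HMAC tag."""
    nonce = secrets.token_bytes(16)
    body = nonce + xor_stream(key, nonce, data)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key")
    return xor_stream(key, body[:16], body[16:])

def pw_key(password):
    return hashlib.sha256(password.encode()).digest()

class Profile:
    """Simplified model of one user profile on one Windows install."""
    def __init__(self, password, keys=None):
        if keys is None:  # fresh install: brand-new random key pair
            n, e, d = rsa_keypair()
            keys = (n, e, seal(pw_key(password), d.to_bytes(64, "big")))
        self.keys = keys  # (n, e, private key sealed under the password hash)

    def encrypt_file(self, data):
        n, e, _ = self.keys
        fek = secrets.token_bytes(24)  # random per-file FEK
        return pow(int.from_bytes(fek, "big"), e, n), seal(fek, data)

    def decrypt_file(self, efs_file, password):
        n, _, sealed_d = self.keys
        d = int.from_bytes(unseal(pw_key(password), sealed_d), "big")
        fek = pow(efs_file[0], d, n)
        if fek.bit_length() > 192:  # unwrap with the wrong private key
            raise ValueError("wrong private key")
        return unseal(fek.to_bytes(24, "big"), efs_file[1])

def demo():
    old = Profile("")                # blank password, as in the thread
    backup = old.encrypt_file(b"constructed sample document")
    try:                             # reinstall: same password, new keys
        after_reinstall = Profile("").decrypt_file(backup, "")
    except ValueError:
        after_reinstall = None
    with_old_keys = Profile("", keys=old.keys).decrypt_file(backup, "")
    return after_reinstall, with_old_keys
```

`demo()` returns `(None, b"constructed sample document")`: a fresh install with the same blank password cannot unwrap the FEK, while the original profile's key material can.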
 

Woodie

Platinum Member
Mar 27, 2001
2,747
0
0
I'm very skeptical about recovery and decryption of an EFS encrypted file...could you provide more details on the scenario you went through?

I'm anticipating that you deleted an important file that was encrypted, and it wasn't in the Recycle Bin anymore. I'm guessing that you were still on the same machine, on the same install, and were logged in with the same account that you encrypted the file with.

TIA,
 

vcarpio2

Senior member
Feb 10, 2002
243
0
0
Originally posted by: Woodie
I'm very skeptical about recovery and decryption of an EFS encrypted file...could you provide more details on the scenario you went through?

I'm anticipating that you deleted an important file that was encrypted, and it wasn't in the Recycle Bin anymore. I'm guessing that you were still on the same machine, on the same install, and were logged in with the same account that you encrypted the file with.

TIA,

No, I did not delete an encrypted file. I have a "secure", encrypted folder in My Documents where I kept my passwords file (I use Counterpane) and images of my passport, SS card, etc., on my data disk (which is a second physical HD on my PC). I upgraded my motherboard this weekend and reinstalled XP and completely forgot about my encrypted folder. Thanks to the demo Active File Recover program, I was at least able to recover my passwords file.
 

computer

Platinum Member
Nov 5, 2000
2,735
2
0
Originally posted by: vcarpio2
Originally posted by: Woodie
I'm very skeptical about recovery and decryption of an EFS encrypted file...could you provide more details on the scenario you went through?

I'm anticipating that you deleted an important file that was encrypted, and it wasn't in the Recycle Bin anymore. I'm guessing that you were still on the same machine, on the same install, and were logged in with the same account that you encrypted the file with.

TIA,

No, I did not delete an encrypted file. I have a "secure", encrypted folder in My Documents where I kept my passwords file (I use Counterpane) and images of my passport, SS card, etc., on my data disk (which is a second physical HD on my PC). I upgraded my motherboard this weekend and reinstalled XP and completely forgot about my encrypted folder. Thanks to the demo Active File Recover program, I was at least able to recover my passwords file.
So where is this "Active File Recover" program?
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: computer
Originally posted by: vcarpio2
Originally posted by: Woodie
I'm very skeptical about recovery and decryption of an EFS encrypted file...could you provide more details on the scenario you went through?

I'm anticipating that you deleted an important file that was encrypted, and it wasn't in the Recycle Bin anymore. I'm guessing that you were still on the same machine, on the same install, and were logged in with the same account that you encrypted the file with.

TIA,

No, I did not delete an encrypted file. I have a "secure", encrypted folder in My Documents where I kept my passwords file (I use Counterpane) and images of my passport, SS card, etc., on my data disk (which is a second physical HD on my PC). I upgraded my motherboard this weekend and reinstalled XP and completely forgot about my encrypted folder. Thanks to the demo Active File Recover program, I was at least able to recover my passwords file.
So where is this "Active File Recover" program?

http://www.file-recovery.net/download.htm

It was in his previous post ;)
 

computer

Platinum Member
Nov 5, 2000
2,735
2
0
Originally posted by: Psych
I apologize to Computer for insulting him.

Anyway, please tell me that you have taken back the old hard drive from your dad, otherwise the chance of recovering anything will diminish by the moment. I think file and settings transfer wizard doesn't get the certificates for decryption because that is not its purpose; after all, it doesn't transfer the old account's password or anything. But I really could be wrong. Do you still have the settings file?
Thanks. My dad hasn't done anything on the new PC. Yes I have the settings file and I'm about to put together another XP PC right now to test that theory, since I need a testbed anyway. In an hour I should know something. The settings may have some "bad settings" in them since the PC was getting a bit odd behaving, so that's why I don't want to run the wizard and restore them on my new build.
 

computer

Platinum Member
Nov 5, 2000
2,735
2
0
You need the password to get access to the key storage. You do know the password (it's empty), but you (from what I've read) don't have the original key stores. Since those are generated at install they are different on every machine. Best writeup I've seen is here. Any chance you can get enough of your prior backups to get the files needed?
Not sure what you mean by "prior backups". If you mean older backups, no, I only save the most recent and at that time I had placed a lot of my backup data in My Documents since I needed to make more CDR's of them due to the CDR media going bad.
 

computer

Platinum Member
Nov 5, 2000
2,735
2
0
It's been said many times you need the key, but you keep insisting there's a backdoor. That being said I'd get the old HD and use something like the r studio on it and hope you can get it back or if it's very important, send it off to a professional data recovery service
There is a backdoor, EVERYTHING has a back door, or more accurately a way to circumvent it.
 

computer

Platinum Member
Nov 5, 2000
2,735
2
0
Originally posted by: Southerner
In a hurry, haven't read the entire thread.

Got this on a mailing list. Might be worth looking at. Apologies if it's already been posted.

About EFS :
-----------

- EFS encryption is 3DES (unless you have a restricted export version of Windows), with a random FEK (File Encryption Key) for each file.
- FEK is encrypted with RSA, using the EFS User Certificate (Public Key).
- Eventually, the user Private Key is encrypted with his Windows Password.

So if you know the user password, you can decipher all EFS encrypted files. See "Advanced EFS Data Recovery" tool from ElcomSoft : http://www.elcomsoft.com/aefsdr.html
They haven't replied to my emails yet on why it wasn't working for me, but I did get in touch with Passware that has similar software and ("EFS Key" http://www.lostpassword.com ) the girl seemed to think it would work for my situation. I told her it wasn't since it was asking for a password and she said I should just be able to hit "ok" on the blank password input and get to it. She asked for the log file to see what was going on and sent it to the appropriate persons.