If you use NTFS Encryption, read this.

[AndyHui]

Every day, I get one or two emails, or every now and again I see in the forums, someone has encrypted their files, reinstalled Win2K or WinXP and then lost access to their encrypted files.

And it saddens me to tell them that their files are lost. Usually they don't believe me at first. They try to log in as Administrator, try to move the files around and say to me, "But there must be a way around this!".

Well, sorry, there isn't a way around this. Your files are gone.

"But it's Microsoft!", they say. "Microsoft hasn't managed to write one piece of software that works!".

NTFS version 5's Encryption is an example of something that DOES work, and work too well at times.

Fortunately, there is a way to get access to your files.

If you backup your Private Key, then you can still get access to your files the next tmie you forget to decrypt them before formatting/reinstalling.

Please read the FAQ: How to use EFS and backup your Private Key.

If you value your data (and I'm sure that you do if you are going to encrypt it), please back up your Private Key NOW.

 

[Electrode]

this needs a sticky, don't you think?

 

[Dreadogg]

yes I see people always asking this! I dont think it should be sticky though its really thier own fault!

 

[CTho9305]

Originally posted by: Dreadogg
yes I see people always asking this! I dont think it should be sticky though its really thier own fault!

What an a-hole. Technically it is "their" fault, but does that mean it shouldn't be prevented.

I agree this should be stickied... I lost some data because of exactly the situation andy mentioned. It wasn't critical, but it was still annoying.

 

[bacillus]

I disagree about this being a sticky as folk should consult the FAQS as a matter of course in search for answers/solutions!
good info nevertheless.

 

[CTho9305]

Originally posted by: bacillus
I disagree about this being a sticky as folk should consult the FAQS as a matter of course in search for answers/solutions!
good info nevertheless.

do you consult the FAQs before doing absolutely anything at all? even if this is stickied for a week i'm sure it woudl save a lot of people some trouble.

 

[bacillus]

do you consult the FAQs before doing absolutely anything at all?

I would normally use the search button in the first instance.

 

[n0cmonkey]

bump for Andy

 

[Sunner]

I think it should get a sticky for Andy's sake, but not for the sake of the people who are too lazy to figure out how stuff works before using it.

It's not like people go out and drive without learning how to change gears, and then complain when the engine breaks down after running on the redline for 1000 km.

 

[CTho9305]

Originally posted by: Sunner
I think it should get a sticky for Andy's sake, but not for the sake of the people who are too lazy to figure out how stuff works before using it.

It's not like people go out and drive without learning how to change gears, and then complain when the engine breaks down after running on the redline for 1000 km.

Its common knowledge that you shouldn't redline the engine. Its common knowledge Microsoft security doesn't tend to be all that great and there is often a way around it. When you encrypt a folder, you get no warning (at least I didn't when I tried it just now) that this is a good way to lose your data.

 

[Sunner]

Yeah but if you have something important enough to warrant the hasstle of using EFS, you should also have the time to read about how EFS works.

It's not like it's something thats enabeled by default.

 

[AndyHui]

Merely an attempt to draw attention to the matter.

People don't read ANYTHING before they get into trouble.

 

[MGMorden]

I don't see how stickying it is going to hurt anybody here, and if it saves somebodies data then all the better. Personally I have found BestCrypt's encrypted volumes to work better than EFS though (they can be moved from system to system and if you use a compatible filesystem they can be opened on Linux or Windows).

 

[drag]

Hell, I don't worry about how something works unless it stops working!

 

[gentobu]

Heh, I found out about this the hard way about a year or so ago...I encrypted my "my documents" folder and forgot about it untill I reinstalled windows and tried to open one of my files...

 

[smp]

I find it funny that there's actually an argument going on about whether or not to sticky the damn thing! With all this ranting there need not be a sticky cause it just keeps getting bumped up

 

[CTho9305]

Originally posted by: smp
I find it funny that there's actually an argument going on about whether or not to sticky the damn thing! With all this ranting there need not be a sticky cause it just keeps getting bumped up

it's been stickied

 

[Citadel535]

It would be great for me to mail my friends copies of my private key so in case I encrypt my files and have to reinstall.

I also plan on emailing the key in plain text.

 

[RedBeard0531]

Originally posted by: MGMorden
I don't see how stickying it is going to hurt anybody here, and if it saves somebodies data then all the better. Personally I have found BestCrypt's encrypted volumes to work better than EFS though (they can be moved from system to system and if you use a compatible filesystem they can be opened on Linux or Windows).

which filesystem goes between the 2. I would love to be able to share files btwn my OSs w/o copying them to a serv.

(ps - my xp partition is on a ntfs direct disk(ldm) and my lin partition is xfs, but that can change)

 

[Dreadogg]

What an a-hole. Technically it is "their" fault, but does that mean it shouldn't be prevented

HI I Like to lock up all my important information and throw away the key! Who's the A hole now Jack a$$!

 

[DanFungus]

wow, glad I stopped by the OS forums...I was checking out another thread helping a guy, since it got moved here, and this caught my eye. Thanks Andy!

 

[NogginBoink]

Originally posted by: AndyHui
Merely an attempt to draw attention to the matter.

People don't read ANYTHING before they get into trouble.

No kidding.

Another must read is Q223316: Best Practices for Encrypting File System.

My EFS private key is on a floppy disk in my parent's safety deposit box.

 

[RSMemphis]

Actually, I was even a bit worried when I reformated/reinstalled my primary NTFS partition, that I won't be able to rid a secondary one anymore.
I had one encrypted folder - it was temporarily moved to a FAT partition that gets lots of rewriting (so it will be lost soon, if not already), and then moved back and ecrypted.

Very good advice. One of the beauties of open source OS's - if you can figure out how to do such a feat, you probably know by then what the implications are. Windows is almost too easy to use.

 

[MGMorden]

Originally posted by: RedBeard0531

Originally posted by: MGMorden
I don't see how stickying it is going to hurt anybody here, and if it saves somebodies data then all the better. Personally I have found BestCrypt's encrypted volumes to work better than EFS though (they can be moved from system to system and if you use a compatible filesystem they can be opened on Linux or Windows).

which filesystem goes between the 2. I would love to be able to share files btwn my OSs w/o copying them to a serv.

(ps - my xp partition is on a ntfs direct disk(ldm) and my lin partition is xfs, but that can change)

Sorry about the delayed response (dont' come here as often as I used to). Anyways, there's no need to change the filesystems of your main install, just use a common filesystem for the encrypted container. You can use Bestcrypt to create a "fake" drive. It's just another file, but the system will see it as a blank drive (Bestcrypt will encrypt all ingoing and decrypt all outgoing data on the fly, keeping everything secure. it can even encrypt/decrypt the swap file on the fly to make things even more secure). Anyways, because the system just sees it as another drive, you still have to choose a filesystem and format it etc. If you're in Windows you can format it as NTFS or FAT. In Linux you can format as any of the formats it supports, BUT, if you choose the FAT filesystem for your container (Linux and Windows can still be XFS and NTFS, respectively), then you can mount and dismount the container in both operating systems. Very useful. The files don't get tied down in any way either. You need to move your encrypted volume to another machine (or carry it with you), just copy it to a floppy, zip, cd or dvd (depends on size, you can make a 5mb encrypted volume or a 20gb. I don't know quite how high it tops out).

 

[newbiepcuser]

People don't read ANYTHING before they get into trouble.

Yeah, like selecting Powersupplies for their AMD boards, attaching sound cards through digital output, or selecting DVD roms for thier Japanese pop DVD

Right FAQ man