NTFS encryption issue/question

[mobogasm]

Hi,

I exported my key (windows 2K pro SP3, NTFS) when I was logged in as myself, I have that key but no longer have access to my file because of the encryption. So I logged on as administrator on the local workstation and installed the .pfx as stated in the anandtech faq but I still can not decrypt the file using the administrator account. I thought I checked and administrator is listed as a recovery agent. What step am I missing or did I miss? THanks.

 

[igiveup]

Is the file on another system than it was originally created on? If so you might have to take ownership of the file first (so that the administrator actually has rights over that file on the local system. The admin account on the other system is a different user/SID). Then try to decrypt it.

Just a guess, but its something to try.

 

[mobogasm]

it's on the same computer in the same original directory (c:\documents and settings\%olduser%\my documents\)

The user has been deleted but the users profile is still intact.

Any suggestions!

I would like to get this file back, but it is not the end of the world .

 

[mobogasm]

TTT

 

[kursplat]

The user has been deleted but the users profile is still intact.

recreat the user - get the files - delete user ?
or have you tryed igiveup's idea and just take ownership of the files ?]
good luck

 

[igiveup]

Once you delete the user simply re-adding will not let you solve the problem. Accounts are NOT based off of names but rather on long strings of letters and numbers called SID's. SID's are unique to a user and cannot be recreated.

So, re-adding a user will create a new SID = not the same user. Which is why it warns you before you delete a user that settings will be irreversably lost. Whenever possible its best to simply disable a user for a period of time before deleting to make sure you REALLY didn't need anything they had access to.

I really don't know much about the encrypting file system (EFS) or backup/restore of its keys. My best guess is that if the original user is gone then you have to take ownership of that file prior to restoring the key (log in as administrator, right click on it, Properties, then the Security tab, then at the bottom click the Advanced button. In here you will see an Owner tab. If you have the correct permissions you will be able to reset ownership). From there try to do your EFS key restore.

Best guess. SRY.

 

[mobogasm]

Already tried taking ownership of it. Won't let me (believe this is because it is encrypted). And yes, recreating the user will not work because of what was previously stateted about SID's.

Any other suggestions? I have to be able to do this since I backed up the user's encryption key, I must just be not restoring the key properly, but I did follow the instructions in the anandtech FAQ.

 

[AndyHui]

I've been watching this and I am still not sure why you are having this problem. Let me dig around to see if I can find anything.

 

[mobogasm]

THanks andy, would love to get this resolved. Just a few other notes about this, I went from one domain to another domain (that is when this problem arose), and also I can not move the file or copy it anywhere.

 

[mobogasm]

BUMP! Andy, find anything out about this? Thans.

 

[Mark R]

As I remember, only the 'recovery agent' key can unencrypt files where the user information has been lost/updated - this includes a reinstallation of windows, deleting the user account/re-creating it or changing the domain.

I've found that the personal keys don't work when imported to another account - but haven't tried them after a system restore.

I'm not sure why you don't have access to your files, but I suppose it's possible that having moved domain, your administrator account has lost the recovery key - you should normally have full access to any encrypted file if logged on as administrator (no need to take ownership) - unless you have uninstalled the recovery private key.

If you have a backup of the recovery agent key, then you could try restoring a backup of this key.

 

[mobogasm]

do i need to be on the "recovery agent" account from teh domain to restore the file then? what if the domain does not have a recovery agent?? the old domain was an nt4 domain, can i just use the administrator account from the domain(i do have access to this account)

 

[mobogasm]

BUMP