Retrieving an EFS encrypted file
March 9, 2006 8:48 AM Subscribe
How can I retrieve an EFS encrypted file off of a busted laptop?
I have a laptop running Win 2k Pro. Recently, I had a seriously corrupted registry on the laptop that rendered it unbootable.
So, I took the HD out, popped it into an ext. USB 2.0 chassis, hooked it up to another computer that has Win 2k Pro. Started copying my files off.
There were some errors with some of the files and they would not copy. I tried to figure out why they weren't copying.
I noticed that they were all files that I had encrypted using EFS.
SO, ***Is there a way to get these files decrypted and off the HD?***
I have saved c:\documents and settings\*.* so if there are any certificates or what not, I should have it.
Also, when I downloaded efsinfo from MS and ran it on the files, it said:
my.doc: Encrypted
Users who can decrypt:
my_domain\john_doe (OU=EFS File Encryption Certificate, L=EFS, CN=my_user)
Certificate thumbprint: 9A30 FA76 4E1E E1F7 00C5 33BE EA82 D4B8 992D DE7F
Recovery Agents:
my_domain\some_guy (OU=EFS File Encryption Certificate, L=EFS, CN=Administrator)
Certificate thumbprint: 65CD B011 771F 5357 F04F 2295 6283 83ED 3813 BBA1
I *AM* the user john_doe and I am logged into "my_domain" as "john_doe" so why won't the file system let me get the file???
TIA for your help as I don't want to lose these files!
I have a laptop running Win 2k Pro. Recently, I had a seriously corrupted registry on the laptop that rendered it unbootable.
So, I took the HD out, popped it into an ext. USB 2.0 chassis, hooked it up to another computer that has Win 2k Pro. Started copying my files off.
There were some errors with some of the files and they would not copy. I tried to figure out why they weren't copying.
I noticed that they were all files that I had encrypted using EFS.
SO, ***Is there a way to get these files decrypted and off the HD?***
I have saved c:\documents and settings\*.* so if there are any certificates or what not, I should have it.
Also, when I downloaded efsinfo from MS and ran it on the files, it said:
my.doc: Encrypted
Users who can decrypt:
my_domain\john_doe (OU=EFS File Encryption Certificate, L=EFS, CN=my_user)
Certificate thumbprint: 9A30 FA76 4E1E E1F7 00C5 33BE EA82 D4B8 992D DE7F
Recovery Agents:
my_domain\some_guy (OU=EFS File Encryption Certificate, L=EFS, CN=Administrator)
Certificate thumbprint: 65CD B011 771F 5357 F04F 2295 6283 83ED 3813 BBA1
I *AM* the user john_doe and I am logged into "my_domain" as "john_doe" so why won't the file system let me get the file???
TIA for your help as I don't want to lose these files!
I don't know offhand...but this looks to me like you will need to do some kind of certificate recovery. Here's a link I found that seems relevant, otherwise google for "certificate recovery." I vaguely recall something somewhere about being able to get the original certificate off of the CD you used to install Win2k. This is one of those things that can probably be done, but it's very rare someone needs to actually do it.
posted by Brian James at 11:19 AM on March 9, 2006
posted by Brian James at 11:19 AM on March 9, 2006
I had to do this a couple of years ago on a Win2K machine, but I'm a little fuzzy on the details.
But the recovery agent as listed on the files is another user/cert that can decrypt your files. As I recall, I had to import the certificate for the recovery agent (a domain admin) into the local certificates using the certificate snap-in in MMC.
There should be some info on Microsoft's support site on how to do all of this. Some info here: http://www.microsoft.com/technet/prodtechnol/winxppro/support/dataprot.mspx
posted by kableh at 11:51 AM on March 9, 2006
But the recovery agent as listed on the files is another user/cert that can decrypt your files. As I recall, I had to import the certificate for the recovery agent (a domain admin) into the local certificates using the certificate snap-in in MMC.
There should be some info on Microsoft's support site on how to do all of this. Some info here: http://www.microsoft.com/technet/prodtechnol/winxppro/support/dataprot.mspx
posted by kableh at 11:51 AM on March 9, 2006
I haven't tried it out, but DreamPackPL is supposed to allow you to recover EFS encrypted files.
posted by Sharcho at 3:23 PM on March 9, 2006
posted by Sharcho at 3:23 PM on March 9, 2006
This thread is closed to new comments.
So, how do I actually recover files from here???
posted by apark at 9:50 AM on March 9, 2006