How do I restore a deleted file encryption key on Windows 10?

  • Question

  • I deleted my file encryption key from User Certificates in the Control Panel. I understand that Windows does not delete the private key and that User Certificates only deletes the key from the registry. How can I recover my deleted key?
    Thursday, October 12, 2017 10:33 AM

Answers

  • Hi Hendre,

    Thank you for your update.

    Based on my check, if we delete the file encryption key on the local machine and we didn’t export this key before, we cannot restore it.

    The command implies that you need to have a recovery agent. The key could be stored in AD or in another account. We could use it to restore.

    If we haven’t, I’m afraid it cannot be restored.

    Hope it will be helpful to you.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 16, 2017 1:03 PM
    Moderator

All replies

  • Hi,

    Among the user’s profile directories, %APPDATA% stands for the application data directory of the user who has encrypted the files.

    %APPDATA%\Microsoft\Crypto (contains the RSA private keys)

    %APPDATA%\Microsoft\SystemCertificates (contains the certificate files used to create the FEK for EFS)

    Also, you could refer to the link below to get more information about the issue.

    https://www.sysadmins.lv/blog-en/the-case-of-accidentally-deleted-user-certificates.aspx

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope it will be helpful to you.



    Friday, October 13, 2017 12:45 PM
    Moderator
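The thread's own conclusion is that a key deleted without a prior export is gone, so the practical defence is to export it while it still exists. The following PowerShell script is an added example (not from the thread or from Microsoft): it finds the EFS certificates in the current user's personal store, checks that the private key is still present, exports each one with its key to a password-protected PFX, and counts the RSA key-container files under %APPDATA%\Microsoft\Crypto that the reply above mentions. The backup directory `$BackupDir` is an assumed path; adjust it before running.

```powershell
# Added example, not part of the original thread.
# Inventory EFS certificates for the current user and back them up with their
# private keys so a later accidental deletion from the MMC can be undone.
# Assumption: $BackupDir is a constructed path; change it to suit.
$BackupDir = Join-Path $env:USERPROFILE 'EFS-Backup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Enhanced Key Usage OID that marks a certificate as usable for Encrypting File System.
$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'

# RSA key containers live under this directory (see the reply above).
$KeyDir = Join-Path $env:APPDATA 'Microsoft\Crypto\RSA'

# Select only certificates in the personal store that carry the EFS EKU.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $eku = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsEkuOid })
}

if (-not $efsCerts) {
    Write-Warning 'No EFS certificate found in Cert:\CurrentUser\My; nothing to back up.'
    return
}

# The PFX is protected with a password entered interactively, never hard-coded.
$pfxPassword = Read-Host -AsSecureString 'Password to protect the PFX backup'

foreach ($cert in $efsCerts) {
    Write-Host ("EFS certificate {0}, expires {1}, private key present: {2}" -f `
        $cert.Thumbprint, $cert.NotAfter, $cert.HasPrivateKey)
    if (-not $cert.HasPrivateKey) {
        # Without the private key the export cannot decrypt anything later.
        Write-Warning "Skipping $($cert.Thumbprint): private key is not available."
        continue
    }
    $pfxPath = Join-Path $BackupDir ("efs-{0}.pfx" -f $cert.Thumbprint)
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null
    Write-Host "Exported certificate and private key to $pfxPath"
}

# Sanity check: key-container files still on disk (counted only; contents are opaque).
if (Test-Path $KeyDir) {
    $containerCount = (Get-ChildItem $KeyDir -Recurse -File).Count
    Write-Host "Key container files under ${KeyDir}: $containerCount"
}
```

The built-in `cipher /x` command performs an equivalent backup of the EFS certificate and key to a PFX file without any scripting; the PFX should be stored off the machine, since a copy on the same disk is lost along with the profile.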
  • Hi, thank you for the response.

    I have already seen the article. The article requires that a Certificate Authority host is available for the retrieval of the public key. I, however, did not perform that delete on a corporate network, but on a stand-alone machine.

    Here is the command in question.

    certreq -config "CAComputerName\CAName" -retrieve 351 usercert.cer

    What would this command look like on a stand-alone machine?

    Friday, October 13, 2017 3:36 PM
  • Hi Hendre,

    I know you may have a busy business. If there is no other problem, I will temporarily close this case. Of course, we can still talk freely.

    If the reply is helpful, please remember to mark it as an answer, which can help other community members who have the same questions find the helpful reply quickly.

    If any further help needed, please feel free to post back.

    Best regards,

    Carl



    Wednesday, November 1, 2017 2:12 PM
    Moderator