Sign in
 

none
EFS and decrypting a file

 > 

    Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    I have some files that were encrypted in my previous windows installation.

    I recently installed Server 2008 on the machine, a clean install, and am now trying to decrypt the files (I am not in a domain). I have a clone of my original system on a separate hard drive however the certs were never backed up. Since I have a clone of the original system I thought I would be able to import the cert into my new system and decrypt the files.

    I am able to import the cert but I still cannot decrypt the files, I get an "Access Denied" error. When I try to export the old cert I get a note that "the associated private key is marked as not exportable."

    I ran efsinfo on my files and I have the cert with the same thumbnail imported but when I run "efsinfo /Y" only my new cert thumb is listed, I thought I would see my new and old cert thumbnails. The files also have no Recovery Agent :(

    Is there any way I can decrypt these files other than mounting my cloned drive?

    Thanks!
    Thursday, January 22, 2009 1:09 AM
    |

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote
    Hi,

    If you have your original profile, you can use "reccerts" tool to retrieve the private key to recovery EFS file.

    Reccerts Usage:
    reccerts.exe -path: "profile path" -password:<password>

    But you have to contact to Microsoft Support to get this tool. Thank you for your understanding.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Denny Ferra Thursday, January 22, 2009 8:00 PM
    Thursday, January 22, 2009 12:15 PM
    |
    Moderator

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote
    Hi,

    If you have your original profile, you can use "reccerts" tool to retrieve the private key to recovery EFS file.

    Reccerts Usage:
    reccerts.exe -path: "profile path" -password:<password>

    But you have to contact to Microsoft Support to get this tool. Thank you for your understanding.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Denny Ferra Thursday, January 22, 2009 8:00 PM
    Thursday, January 22, 2009 12:15 PM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    I have run into the exact same situation. Where can I download this reccerts.exe? Any other method that worked for you?
    Saturday, March 28, 2009 10:52 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    I tried to use the reccerts.exe to recover my files but I did not have any luck, you may have better chances - I would certainly still give it a try. Just google reccerts.exe and you'll eventually find your way to the file.

    I ended up getting a trial version of Advanced EFS Data Recovery and it seemed like it was working (it only lets you decrypt a certain amount of kilobytes from a file so I tested it on a  small file which worked great). So based on that I ended up purchasing the product. Not necessarily cheap, although it depends on the data you're trying to recover :) you can take a look at the product here: http://www.elcomsoft.com/aefsdr.html

    Best of luck!
    Sunday, March 29, 2009 4:45 AM
    |