How can I recover inaccessible encrypted data?
My understanding of EFS is not what I thought it to be. I have a Windows 2000 Pro machine as part of a domain. I recently reinstalled the Win2k Pro O/S on my C partition, leaving the existing D partition intact. Unfortunately I had data encrypted on the D partition which is now inaccessible. I have a full system state backup of the machine prior to installing the O/S. If this is restored, does it contain info relating to the same domain users certificates/keys to enable the ability to decrypt/read the encrypted files?
Is the new computer a member of the same domain? Do you have access to the EFS recovery agent account? (Usually the Administrator account of the domain.) If so, and if this recovery agent was the recovery agent when the files were encrypted, then this account can be used to decrypt the files. Then the new user account can be used to encrypted them. You can use the resource kit tool efsinfo.exe to determine the recovery agent on the file. You can download the tool from Microsoft http://www.microsoft.com/downloads/details.aspx?FamilyID=9c70306d-0ef3-4b0c-ab61-81da208f5c47&displaylang=en
, and use the information in Microsoft's KB article 243026.
If this fails, you may be able to recover the account and certificate by reinstalling the system state. If the system state includes the user profile for the user who encrypted the files, and if the password is still known then you should be able to access the files.
This was first published in February 2004