Problem solve Get help with specific problems with your technologies, process and projects.

Is there any way to restore EFS-encrypted data?

I read your article on EFS. I just reinstalled my Windows XP Pro today and am now finding out (the hard way) what EFS is. Files that I have had for years are now encrypted, including some very important documents as well as a book I have been writing for three years now.

I reinstalled Windows, but my old account is still under Documents and Settings. I am able to access the crypto folder, which contains some type of file (actually two files) that are named a string of alpha characters. Can I somehow use this data to regain access to my files?

I am quite desperate at this point, and am panicking about my book as you can probably imagine. I have to believe the MS would not release something like this to the general public without making them aware of the dangers or at least providing a "back door" solution. There has to be a solution. Please, please help.

I am so sorry. I know how important data can be. I cannot imagine how you must be feeling to have lost access to so much. Unfortunately, there is no "back door." If you think about it, you would not think an encryption system was very good, if anyone could use a back door to compromise it. There would be no protection for your data at all.

You are correct that your encryption keys were kept in your profile. However, it's not as simple as finding a copy of that data. The keys are further protected and not accessible except by the account that originally used them or by the recovery agent if one was assigned. In Windows XP, there is no default recovery agent assigned. Is there any possibility that you have a backup of the system and could restore it as it was? Then you could use the only account and log on to recover your data, or at least use it to back up a copy of your encryption keys, which could then be imported into your new user account.

I know of no one who has successfully found a way to restore this information, but you might try a data recovery company. They specialize in recovering data from damaged disks, any may have had enough requests by now for the recovery of EFS-encrypted data that they have researched the possibilities when some original profile material remains. I don't want to hold out any false hope. Don't, however, destroy the old profile information or the encrypted data until you've tried them.

The workings of EFS are well documented in Windows resources kits and in articles on Microsoft's Web site. It has also been described in numerous articles, books and presented in numerous public and private seminars and classes. Unfortunately, not in enough. I cannot speak for Microsoft, but it's clear there was no attempt to hide any of this information.

I wish you luck and hope that there is a good ending to this story, but fear that there isn't.

Dig Deeper on Windows 10 security and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.