Need to recover encrypted files from Windows XP drive

Discussion in 'Windows Vista Security' started by owlfan12000, Apr 22, 2008.

  1. owlfan12000

    owlfan12000 Guest

    I had a problem with an older Windows XP Pro machine. I now have a Windows
    Vista Premier x64 machine. Since the old computer had an ATA drive I couldn't
    just move the old hard drive to the new SATA system so I have bought an
    external hard drive kit to connect the old drive to the new system via a USB
    2.0 port.

    My problems is that I can no longer access some encrypted files on the old
    hard drive. I would appreciate help figuring out how to recover the old
    files.
     
    owlfan12000, Apr 22, 2008
    #1
    1. Advertisements

  2. You need to decrypt the files by importing in your old EFS encryption
    certificate (which you should have exported on the old XP Pro machine).
    Alternatively, if the XP machine was in a domain, the EFS recovery agent for
    the domain's certificate and private key can be used to recover the EFS
    files.
    You can view the thumbprints of the certificates by viewing the properties
    of the affected files on the General tab, by clicking the Advanced button.
    You must have both the certificate with the matching thumbprint and access
    to the private key.

    Brian
     
    Brian Komar \(MVP\), Apr 22, 2008
    #2
    1. Advertisements

  3. owlfan12000

    owlfan12000 Guest

    Brian,

    Thanks for your help. I've got a few questions/comments:

    1. "You need to decrypt the files by importing in your old EFS encryption
    (which you should have exported on the old XP Pro machine)." The old machine
    crashed so I did not export anything. Is there a knowledge base article or
    something that describes how to import the old EFS encryption now? Is it even
    possible?

    2. I'm not sure whether my old machine was set up as a domain or not. I did
    have multiple users set up with XP Pro.

    3. I can't view any encryption info from the advanced button of a file. The
    encryption box is checked but it is grayed out.

    4. Some additional history in case it is relevant. The files in question are
    in a folder that was copied from an even earlier computer hard drive that may
    have been running Windows 98. In the XP machine I installed the old drive as
    a slave and copied the folder over to a new directory on the XP machine. I
    still have the original drive from the Windows 98 machine. New files were
    later added to the directory.

    5. FYI, My first computer was a Zenith 8088 with a 10 MB hard drive so I
    know my way around directories and can find my way around the registry if
    necessary. That being said I've become less educated about the operating
    systems as Microsoft has moved to XP and I'm still very frustrated finding
    anything in Vista. (All of that means I also know enough to be dangerous.)

    John
     
    owlfan12000, Apr 22, 2008
    #3
  4. owlfan12000

    Paul Adare Guest

    If you used EFS encryption on these files and had not exported the EFS
    certificate and private key and don't have a valid backup of the system
    from before it crashed then your files are gone for good.
     
    Paul Adare, Apr 22, 2008
    #4
  5. owlfan12000

    Alun Harford Guest

    This isn't trivial.

    You need to create an account with the same username, password, user
    number and machine sid as the original account, copy Crypto, Protect and
    SystemCertificates directories from
    X:\Docs&Settings\Username\Application Data\Microsoft\ to your machine
    and log in as that user.
     
    Alun Harford, Apr 25, 2008
    #5
  6. owlfan12000

    Temujin Guest

     
    Temujin, Jul 20, 2009
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.