Guest kiko Posted September 10, 2007 Posted September 10, 2007 Hi, I need help. I could not access to my D drive (encrypted data) after reinstalling XP Pro (in C drive). I did not touched D drive at all. I went thru some of the posts here and tried the various method suggested i.e. taking ownership, permission - but to no avail. Kept getting "access denied". Now I'm sitting here helplessly, staring at all my files trying to figure out how not to lose them. Can someone help me pls? Thanks, Kiko.
Guest Malke Posted September 10, 2007 Posted September 10, 2007 Re: Access denied to encrypted files after reinstalling XP Pro kiko wrote: > Hi, > > I need help. I could not access to my D drive (encrypted data) after > reinstalling XP Pro (in C drive). I did not touched D drive at all. I went > thru some of the posts here and tried the various method suggested i.e. > taking ownership, permission - but to no avail. Kept getting "access denied". > Now I'm sitting here helplessly, staring at all my files trying to figure out > how not to lose them. Can someone help me pls? If you really, really encrypted the data using EFS and neglected to back up your keys, the data is lost. You might contact Elcomsoft to see if their program can help but I'm not optimistic about it. http://tinyurl.com/6l6xx - MS information about EFS (Encryption) http://www.elcomsoft.com/aefsdr.html - Encrypted files retrieval application http://www3.telus.net/dandemar/encrypt.htm - encryption info http://www.beginningtoseethelight.org/efsrecovery/ - more encryption info Malke -- Elephant Boy Computers http://www.elephantboycomputers.com "Don't Panic!" MS-MVP Windows - Shell/User
Guest Patrick Keenan Posted September 10, 2007 Posted September 10, 2007 Re: Access denied to encrypted files after reinstalling XP Pro "kiko" <kiko@discussions.microsoft.com> wrote in message news:188D716E-D4DF-48AE-9B6E-523FD5598C74@microsoft.com... > Hi, > > I need help. I could not access to my D drive (encrypted data) after > reinstalling XP Pro (in C drive). I did not touched D drive at all. I went > thru some of the posts here and tried the various method suggested i.e. > taking ownership, permission - but to no avail. Kept getting "access > denied". > Now I'm sitting here helplessly, staring at all my files trying to figure > out > how not to lose them. Can someone help me pls? > > Thanks, > > Kiko. The encryption scheme in XP is tied to your account credentials, not to the data or XP permissions. These credentials are more than the username and password. The last step of encryption, unfortunately neglected by many, is backing up the account credentials. Following a reinstall, or any of the events that damage or alter the account credentials (such as changing the password from outside the account), the credentials are simply re-imported, and then you can take ownership of the files and decrypt them. If you did not perform this last step, or cannot find the backup floppies, or they have failed, there is no happy ending here. The data can be considered permanently inaccessible. Microsoft did a really good job at making strong encryption easily accessible, but didn't do quite as good a job at making clear what the implications of all the steps are. -pk
Guest kiko Posted September 10, 2007 Posted September 10, 2007 Re: Access denied to encrypted files after reinstalling XP Pro I was able to decrypt the folder. Is this a good thing? Also if I have the key how do I use it? "Patrick Keenan" wrote: > "kiko" <kiko@discussions.microsoft.com> wrote in message > news:188D716E-D4DF-48AE-9B6E-523FD5598C74@microsoft.com... > > Hi, > > > > I need help. I could not access to my D drive (encrypted data) after > > reinstalling XP Pro (in C drive). I did not touched D drive at all. I went > > thru some of the posts here and tried the various method suggested i.e. > > taking ownership, permission - but to no avail. Kept getting "access > > denied". > > Now I'm sitting here helplessly, staring at all my files trying to figure > > out > > how not to lose them. Can someone help me pls? > > > > Thanks, > > > > Kiko. > > The encryption scheme in XP is tied to your account credentials, not to the > data or XP permissions. These credentials are more than the username and > password. > > The last step of encryption, unfortunately neglected by many, is backing up > the account credentials. > > Following a reinstall, or any of the events that damage or alter the account > credentials (such as changing the password from outside the account), the > credentials are simply re-imported, and then you can take ownership of the > files and decrypt them. > > If you did not perform this last step, or cannot find the backup floppies, > or they have failed, there is no happy ending here. The data can be > considered permanently inaccessible. > > Microsoft did a really good job at making strong encryption easily > accessible, but didn't do quite as good a job at making clear what the > implications of all the steps are. > > -pk > > >
Guest Patrick Keenan Posted September 10, 2007 Posted September 10, 2007 Re: Access denied to encrypted files after reinstalling XP Pro "kiko" <kiko@discussions.microsoft.com> wrote in message news:76A26F7A-FBFC-4717-93FD-2B9035777464@microsoft.com... >I was able to decrypt the folder. I'll note that gaining access through taking ownership is not the same as decryption. You may have set the files to private, which is *not at all* the same as encrypting them. > Is this a good thing? If you needed the data, decrypting it or gaining access is definitely a good thing. You're done. Be sure that you do have tested backups of the account credentials if you are using encryption. You may also wish to make safety copies of backups without encryption, stored in a very secure location (for example a bank safety deposit box). A copy of the exported credentials should also be stored in a secure offsite location. If they were exported to floppy, you might want to use one of the floppy imaging programs available and burn that image to CD, to guard against the degradation of floppies. > Also if I have the > key how do I use it? The key is the exported account credentials, which you have obviously now imported if you had actually invoked encryption; this means you know how to use it. It sounds like you may have set them to private rather than actually encrypting them with EFS. Again, setting the files to private *does not encrypt them*. The contents of the files are available to anyone with a smattering of knowledge and access to your PC for half an hour. If you do really need the encryption, and there are indeed circumstances where it is highly appropriate, be sure that you fully understand how the encryption utilities work and how you can be sure that you can recover the files should the system be damaged in any way. "Best practices for the Encrypting File System" http://support.microsoft.com/kb/223316/EN-US/ HTH -pk > > "Patrick Keenan" wrote: > >> "kiko" <kiko@discussions.microsoft.com> wrote in message >> news:188D716E-D4DF-48AE-9B6E-523FD5598C74@microsoft.com... >> > Hi, >> > >> > I need help. I could not access to my D drive (encrypted data) after >> > reinstalling XP Pro (in C drive). I did not touched D drive at all. I >> > went >> > thru some of the posts here and tried the various method suggested i.e. >> > taking ownership, permission - but to no avail. Kept getting "access >> > denied". >> > Now I'm sitting here helplessly, staring at all my files trying to >> > figure >> > out >> > how not to lose them. Can someone help me pls? >> > >> > Thanks, >> > >> > Kiko. >> >> The encryption scheme in XP is tied to your account credentials, not to >> the >> data or XP permissions. These credentials are more than the username and >> password. >> >> The last step of encryption, unfortunately neglected by many, is backing >> up >> the account credentials. >> >> Following a reinstall, or any of the events that damage or alter the >> account >> credentials (such as changing the password from outside the account), the >> credentials are simply re-imported, and then you can take ownership of >> the >> files and decrypt them. >> >> If you did not perform this last step, or cannot find the backup >> floppies, >> or they have failed, there is no happy ending here. The data can be >> considered permanently inaccessible. >> >> Microsoft did a really good job at making strong encryption easily >> accessible, but didn't do quite as good a job at making clear what the >> implications of all the steps are. >> >> -pk >> >> >>
Guest kiko Posted September 10, 2007 Posted September 10, 2007 Re: Access denied to encrypted files after reinstalling XP Pro > The key is the exported account credentials, which you have obviously now > imported if you had actually invoked encryption; this means you know how to > use it. I was able to decrypt the folder but not the files in it. :-( How do I use the key? Which media is a better back up? USB thumb drive or CD? If those data are really gone, I guess I will have to reinstall again. They are taking too much space (50GB). What should I take note of if I want to encrypt my data? Thanks again for your help. =) > Be sure that you do have tested backups of the account credentials if you > are using encryption. You may also wish to make safety copies of backups > without encryption, stored in a very secure location (for example a bank > safety deposit box). > > A copy of the exported credentials should also be stored in a secure offsite > location. If they were exported to floppy, you might want to use one of > the floppy imaging programs available and burn that image to CD, to guard > against the degradation of floppies. > If you do really need the encryption, and there are indeed circumstances > where it is highly appropriate, be sure that you fully understand how the > encryption utilities work and how you can be sure that you can recover the > files should the system be damaged in any way.
Guest Patrick Keenan Posted September 10, 2007 Posted September 10, 2007 Re: Access denied to encrypted files after reinstalling XP Pro "kiko" <kiko@discussions.microsoft.com> wrote in message news:411535A6-8DFD-4205-863E-8FF5F7317DE8@microsoft.com... >> The key is the exported account credentials, which you have obviously >> now >> imported if you had actually invoked encryption; this means you know how >> to >> use it. > > I was able to decrypt the folder but not the files in it. :-( > How do I use the key? You have to first have the key - which is the exported credentials (or "certificates"). You can't get these after a reinstall; they died with the original account. If you don't have it now, you can't get it back. To import the certificates, go to start, run, type "certmgr.msc ". Go to Action, All Tasks, Import. Then you should be able to access the encrypted files. > Which media is a better back up? USB thumb drive or CD? USB drives are known to fail suddenly (I have half a dozen failed ones in my desk drawer). So, while they are very useful, they are for data transport and not for storage of critical data. Use CDs and DVDs for longer-term storage. Make more than one copy and don't keep them all in the same place. Many people use a set of five DVDs, marked with days of the week, and swap them daily for daily backups. Regularly make an extra copy and store them offsite. This is important to account for recovery from things like fires. > If those data are really gone, I guess I will have to reinstall again. Reinstalling will not change this in any way. > They > are taking too much space (50GB). What should I take note of if I want to > encrypt my data? You must be sure that you fully understand and take all the steps so that the data is both protected and recoverable. And *test* the backups on another system or account to be sure that you can in fact regain access to the encrypted data before relying on them, and until you are satisfied that the data is recoverable, keep an unencrypted copy. Again, to test, use an account or system that can't decrypt the data. Import the certificates and verify that you can then decrypt the data. Be sure to store a tested copy of the certificates at another secure site. HTH -pk > > Thanks again for your help. =) > >> Be sure that you do have tested backups of the account credentials if you >> are using encryption. You may also wish to make safety copies of >> backups >> without encryption, stored in a very secure location (for example a bank >> safety deposit box). >> >> A copy of the exported credentials should also be stored in a secure >> offsite >> location. If they were exported to floppy, you might want to use one of >> the floppy imaging programs available and burn that image to CD, to guard >> against the degradation of floppies. > >> If you do really need the encryption, and there are indeed circumstances >> where it is highly appropriate, be sure that you fully understand how the >> encryption utilities work and how you can be sure that you can recover >> the >> files should the system be damaged in any way.
Guest kiko Posted September 17, 2007 Posted September 17, 2007 Re: Access denied to encrypted files after reinstalling XP Pro > The last step of encryption, unfortunately neglected by many, is backing up > the account credentials. > > Following a reinstall, or any of the events that damage or alter the account > credentials (such as changing the password from outside the account), the > credentials are simply re-imported, and then you can take ownership of the > files and decrypt them. May I know how exactly do I do that?
Guest John Wunderlich Posted September 17, 2007 Posted September 17, 2007 Re: Access denied to encrypted files after reinstalling XP Pro =?Utf-8?B?a2lrbw==?= <kiko@discussions.microsoft.com> wrote in news:1ED7A63E-0DCF-4805-A2AE-09FFEDE73080@microsoft.com: >> The last step of encryption, unfortunately neglected by many, is >> backing up the account credentials. >> >> Following a reinstall, or any of the events that damage or alter >> the account credentials (such as changing the password from >> outside the account), the credentials are simply re-imported, and >> then you can take ownership of the files and decrypt them. > > May I know how exactly do I do that? > It's documented here, near the bottom: "Best practices for the Encrypting File System" <http://support.microsoft.com/kb/223316/en-us> Importing is just the opposite of exporting. HTH, John
Guest kiko Posted September 18, 2007 Posted September 18, 2007 Re: Access denied to encrypted files after reinstalling XP Pro Thanks a lot, John.
Recommended Posts