Please help guys! File Recovery!
Anaxagoras1986
11-26-03, 09:30 PM
OK, I don't know where my Win XP CD is. Windows died on my 40 gig hard drive and all of my document files are encrypted. I have my 30 gig going with Windows XP but I can't access the files on the 40, despite having the same user name and password. Do you guys know how I can recover my files? Please help!
I'm a bit confused... you can access the drive, but not the files??
Maybe you could boot to something like Knoppix, see if you can access the files then.
Anaxagoras1986
11-26-03, 10:05 PM
I think I need some sort of a cracking software or some other trick that would allow me to open and decrypt the files. I can see them, but not open them. They were encrypted by Windows.
What's Gentoo?
Antillian
11-26-03, 11:09 PM
Originally posted by Anaxagoras1986
OK, I don't know where my Win XP CD is. Windows died on my 40 gig hard drive and all of my document files are encrypted. I have my 30 gig going with Windows XP but I can't access the files on the 40, despite having the same user name and password. Do you guys know how I can recover my files? Please help!
If you can see the files but not open them bc they are encrypted there may still be a way to retrieve them. XP, of course, is NT based and uses NTFS permissions. If you are in the Administrator group, you should be able to decrypt the files. (Also users from the Backup Operators group can do this). Unless of course you used some 3rd party software that doesn't encrypt them the same way Windows does.
Disclaimer: I'm not 100% sure about this, but I think I'm right. XD.
One way is to slave this drive to an XP drive that has the same encryption program used on the slave drive.
Then just copy needed files over and decrypt to the master drive.
If you're talking EFS this should work when having the same admin name/pass on the master. Also search for EFS in the Windows help, they go into recovery.
Anaxagoras1986
11-27-03, 07:15 AM
When I try to decrypt them it says 'access is denied'. I am an admin too. Any other tips?
Antillian
11-27-03, 10:12 AM
Try this on one of the files, if it works like it should, you could use the same method for the rest of them and then you'll be able to decrypt them.
1) Open the "Properties" dialog for one of the files.
2) Click on the "Security" tab.
3) Make sure the "Administrators" group is added to the ACL of that file.
4) Click on "Advanced".
5) Click on the "Owner" tab. Since you are of the Administrators group, you have the ability to take ownership of files.
6) Note the "Current owner of this item:".
7) In the "Change owner to:" box, find either your name or the "Administrators" group.
8) Click on one of them, then click "Apply". This gives the group or you ownership over this file. If all goes well, you should be able to decrypt the file. Repeat this process for the rest of the files.
Hope that helps!
Anaxagoras1986
11-27-03, 12:06 PM
Where is the change owner to box?
Antillian
11-27-03, 12:11 PM
In the Security tab, click on the "Advanced" button. A dialog should come up and there should be an "Owner" tab in that dialog.
Anaxagoras1986
11-27-03, 12:20 PM
I can get to the tab. But from there I only see my computer name\ 'my user name' and 'administrators'.
Antillian
11-27-03, 06:51 PM
Okay, select either your name or Administrators, then click Apply. This will make you or the group the owner of the file. You should be able to decrypt it now.
Or you can remove all the users shown in there and add your account again to that. It'll fix your problem too. Anyway, the EFS recovery agent account can access those files after taking ownership of them, and so can the admin. Hope you got them.
Anaxagoras1986
11-29-03, 11:58 PM
I supposedly have ownership, but it still won't let me touch the file. I think the problem is because the files were encrypted with the Windows installation on the 40. Now it won't allow me to de-encrypt it with the 30 gig's installation. Different certificates maybe? I don't know.
I tried using a program called Advanced EFS Data Recovery. It was able to break the encryption...but it will only do the first 512 bytes unless I buy the 99 dollar full copy! Does anyone know of a cheaper program that is similar?
Thanks for the help here!
redduc900
11-30-03, 12:42 PM
Did you make yourself a file encryption certificate?...if not, you're in trouble. If you did, then just import the certificate, and you'll have access to your data again. If you didn't make a file encryption certificate, are you connected to a domain? If so, you may be in luck, as a domain administrator can decrypt it...if not, then you may have lost the data (unless you resort to using a third party program.) :(
Anaxagoras1986
11-30-03, 06:59 PM
No, I didn't make a backup certificate. This is just my PC. This is really bad. Do you know of any programs that could help?
redduc900
11-30-03, 07:12 PM
I don't know of any EFS recovery programs offhand, but you may find some helpful information in the following MS TechNet article...
Encrypting File System in Windows XP and Windows Server 2003 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/deploy/CryptFS.asp) :)
Anaxagoras1986
11-30-03, 07:36 PM
Is it possible to get the certificate off of the dead OS and use it on the one that is working? I didn't back up the certificate, but all of the files on that HD are intact except for one of the startup files.
You can try this:
Run certmgr.msc see what it finds
or
To import a certificate, run Microsoft Management Console (MMC) and add the Certificates snap-in. When prompted, select My user account. Navigate to the Personal\Certificates store, right-click the details pane, and select All tasks\ Import certificate. Then, point the wizard to your slaved disk and see what you get.
You can also run cmd: cipher /? see what that does for you
Or
here is a MS "tool" and help file that can give you some info on your EFS files: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/efsinfo-o.asp
Have you (admin) tried just removing the properties\advanced encryption attribute?
You can also search your slave drive for a .pfx file and if found drag it over and right click on it and hit "install PFX"
Next
Next then enter password from key(EFS from slave)
Next then hit "Place all certificates in private store"
hit browse
personal, ok , yes, ok
you should then be able to open them all .
I just use the Elcomsoft advanced EFS recovery and EFS melts like butter, which is why it's pretty much worthless in my eyes.
But it is $99 and you have to consider that. But if you get say $80 per hour for running that on EFS files, it's worth it.
Wanted to add that one thing you have going for you is that you know by using the demo that your files are in fact intact and recoverable, so that is a good thing, so keep plugging away and you should be able to get your files back.
Anaxagoras1986
12-01-03, 09:18 PM
Hey thanks a lot for all of the info everyone :) ! I'm going to try these latest things tomorrow when I get time.
You say Windows died, and then later you say it's only missing a boot file. Which boot file is it missing? I've fixed a few of those in the recovery console in my ResNet experience. What is the exact file name? ntoskrnl? I can attempt to walk you through replacing the file with a backup from the CD or from your other installation of Windows. If it's a registry file, you can slap on a clean registry and boot, but most of your applications won't work. But you can get your data off.
Z
Anaxagoras1986
12-02-03, 09:23 PM
Ok I just tried starting it to see what the missing file was and guess what? For some reason it is working now, I'm not complaining!!!! Thanks everyone for the help! :-)
well there you go. Glad I could be of some service (I was the one that got you to start it again, wink wink :D ).
Glad it's solved
Z
Anaxagoras1986
12-03-03, 07:25 AM
Well, while I was on my 30 I scanned it for viruses and spyware. I removed some spyware and maybe that is what helped it start up. Thanks for the help.
No worries. Having seen a few of these, it's almost like it just randomly loses the files. People come down saying their computer has a virus on it and that it's running really slowly and when we go to turn it on, it's missing boot files and registry files and the like. It's really quite strange.
Glad you've got it fixed
Z
Anaxagoras1986
12-03-03, 10:51 AM
Hey does that mobile 2400 run cooler and have a lower vcore than a normal 2400?
Yes and yes, though I can't compare since I haven't had a desktop 2400+. It's specced at 45W and definitely has a lower VCore (I think . . . maybe not). Either way, I've read people's comments that said that their 2400+ (mobile) at 1.85 volts ran cooler than their 2500+ at 1.75 or something like that . . . Might be bunk, might not be.
Z
now that Windows is working make that file encryption certificate, before you forget...
I had the same thing once and lost a bunch of data...
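Added example, not part of any post in this thread: the advice that closes the thread (back up the file encryption certificate while Windows still boots) can be scripted as below. It assumes Windows 8 / Server 2012 or later for `Export-PfxCertificate`, and the backup folder `E:\efs-backup` is a hypothetical path standing in for removable or offline media.

```powershell
# Back up every EFS certificate in the current user's personal store,
# together with its private key, to password-protected PFX files.
# Assumptions: PKI module available (Windows 8 / Server 2012+);
# $BackupDir is a hypothetical path on removable/offline media.

$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU
$BackupDir = 'E:\efs-backup'            # hypothetical destination
$Password  = Read-Host -AsSecureString -Prompt 'PFX password'

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Only certificates that carry the EFS usage AND still have their private key
# are useful for decrypting files after a reinstall.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
}

if (-not $efsCerts) {
    Write-Warning 'No EFS certificate with a private key in the personal store.'
    return
}

foreach ($cert in $efsCerts) {
    $out = Join-Path $BackupDir ('efs-{0}.pfx' -f $cert.Thumbprint)
    try {
        Export-PfxCertificate -Cert $cert -FilePath $out `
            -Password $Password -ErrorAction Stop | Out-Null
        '{0}  expires {1:yyyy-MM-dd}  ->  {2}' -f $cert.Thumbprint, $cert.NotAfter, $out
    }
    catch {
        # A key marked non-exportable cannot be backed up this way.
        Write-Warning ('{0}: export failed: {1}' -f $cert.Thumbprint, $_.Exception.Message)
    }
}
```

The built-in `cipher /x` command performs the same backup from the command prompt. Store the resulting PFX and its password away from the encrypted disk, since anyone holding both can read the files.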