|
| | | | A PC had Vista installed and one folder was encrypted by OS. This folder had
some thousand or so files.
Then Vista was reinstalled, with most old system files (including "Windows",
"Users" and "Documents" folders) deleted before reinstallation. Encrypted
folder left intact on HDD.
Is it possible to get files from encrypted folder somehow decrypted under
newly installed copy of Windows?
Username and password for Windows account used to encrypt folder are known.
Utilities like Elsomsoft's EFS recovery could not do much - when account
password have been supplied utility said that it can decrypt about 90 files
in total with no hint on why specifically these files can be decrypted and not
others.
(microsoft.public.security, microsoft.public.win2000.security,
microsoft.public.security.homeusers, microsoft.public.windows.file_system,
microsoft.public.windows.vista.security)
|
| |
| | | | | Post in reply to: sunorain
Without a backup of the EFS certificate your files are lost.
John
|
| |
| | | | | Post in reply to: sunorain
In the meantime, the OP left to post elsewhere where the conduct was less of
a grade school playground brawl.
statrted a good cat fight.....
"He started it"
"I did not, you did"
"No, you did."
ad infinitum......
|
| |
| | | | | Post in reply to: Andy Medina
Yep, certainly did that, didn't it. Think it was a Usenet "drive-by"
post... or was it possibly related to the "can't be done, don't bother
even trying", wherein everyone has the ability to post their purported
prior experience levels upon challenge... I always get a kick out of
Usenet, but it is reflective of society in general. These same
activities have been carried over into other areas, such as blogs and
"social networking" activities.
--
MEB
|
| |
| | | | | Post in reply to: MEB
What an egotistical troll you are! The problem isn't with the others it is
with YOU! You are the one who did the "drive-by" post. You gave no useful
advice at all, the only thing that you did is show your vitriolic
personality and ignorance, and you have plenty of that to go 'round!
Let me add my voice to this, I've "been there, done that" and I've learned
the hard way. I'm one of those who lost files because I didn't know any
better and I didn't backup my certificate, without the certificate the file
are lost. You're wasting everybody's time with your less than helpful
posts.
|
| |
| | | | | Post in reply to: sunorain
sunorain,
I have empathy for your post and what it has been turned into. I did find a
fine example of what it basically has become...
http://video.google.com/videoplay?docid=-4784409600367252507
Hopefully it serves more purpose than the back-and-forth your conversation
has become - at least make you smile/laugh - *grin*
Direct answer...
In general - if you have no backup of your encryption key/cert and/or backup
of your old hard disk drive contents (full image) so you might revert to it
and regain said information and back it up this time - your files/folders in
the EFS are likely (for all intents and purposes) lost to you.
It sucks - but it is why people are encouraged to make good backups.
Might you be able to get something back? Sure - anything is possible - but
you'd have to let everyone know what backups you have, if you have an image
of the hard disk drive before the problems, etc. However - assuming you
would have mentioned that - recovery is unlikely - even if you throw a lot
of money at the issue.
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
|
| |
| | | | | Post in reply to: Shenan Stanley
Okay, at LEAST add there are some really good [some free] disk recovery
programs that could be tried. What can it hurt... it would take less
than twenty or thirty minutes to check including download time... heck,
even something like Hiren's or Knoppix Live could potentially be used.
This was an old [apparently as there are a few thousand files involved]
large installation with a SMALLER new installation placed, why not check...
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
|
| |
| | | | | Post in reply to: Shenan Stanley
And I would agree, when posted 10/26/09, simple recovery methods SHOULD
have been the *first* suggestions, taking the disk out of usage, and
other. INSTEAD those answering went off on the thought of
CRACKING/HACKING the actual files, to the point of a ridiculous
discussion of Super Computers.
I entered the discussion on 11/4/09 [around 8-9 days later], seeing NO
ONE had even suggested anything remotely like would have been applied
under these or other circumstances and situations, attempted file
recovery; and where NO ONE had submitted anything regarding methods or
tools, Microsoft or otherwise. The apparent though was impossible to
recover, where in ANY other file deletion or related disk issue the
IMMEDIATE response would or should have been as indicated, attempted
recovery.
When I suggest that there were other methods and provided links to
materials including Microsoft Articles and tools, they were received
with disdain BY supposed MVPs. Excuse me, these are tools and
information related to the activity. They DO provide the "best
practices" and tools for particular situations regarding EFS, don't they.
When I addressed other potentials such as beginningtoseethelight, which
shows indicators to the information sought should hex recovery or
modification be needed, I received some of the most ignorant junk
possible, AGAIN from MVPs. This is SUPPOSEDLY a group with experts. With
indicators available, there was another potential recovery method, if
necessary.
We aren't discussing cracking/hacking encrypted files, it was the
potential DATA recovery that might have been useful to the OP. It was
also the tools available, and potential methods for others who might
find this discussion.
Now, why don't YOU might explain why YOU didn't step in IMMEDIATELY
with suggested recovery methods, and WHY none of the other MVPs did.
That would be real interesting I'm sure.
While you're at it, explain why they STILL don't get it.
You can sit smugly at your computer in here all day long and say it
*might* have been impossible to recovery, it as good an excuse as any
now; but IT DANG SURE IS NOW because NONE of you even tried. NONE of you
suggested anything of value.
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
|
| |
| | | | | Post in reply to: MEB
Easy there, MEB.
Why do you think I (or anyone here) owe you (someone I don't know)
information about me (someone you don't know) and where I was or why I
do/don't/didn't/did do something?
Same question to you - why didn't you step in immediately on day one with
your suggestions?
Likely the same answer for both. Volunteer, not paid to do this, have a
life, doing something else, can't be everywhere at once and nunya...
You can think people are being smug all you want - they are not - they are
being where they can/want to be when they can when they want to be. They
answer how they want, with what they want.
There is no *you* here - this is a PEER-to-PEER newsgroup - you are the same
as anyone else here. You are a PEER.
Said it before, looks like I have to say it again. I volunteer my
experience and knowledge - volunteer above and beyond my normal life and
career. I get to say what I want when I want to say it. If Microsoft
disappeared tomorrow - it would mean very little in terms of what I do.
Initials mean little - it's what you make of it. I did it long before I
received any initials for doing it and would likely still do it without the
initials (although I am considering not doing it anymore because people seem
to *expect* things they shouldn't.)
Your comments were late just as some others were and did very little to help
the situation when you decided that instead of ignoring those who decided to
buck what you were saying - you'd feed on them and them on you and make this
entire conversation into garbage that was of no use to the OP and wasn't
even a logical discussion, but a "No, YOU!" shouting match.
One problem is you never know what the reaction will be from people. I have
been involved in postings where it seemed like the person had tried nothing,
but was just honestly asking for assistance. I listed all the simple things
to try and some more advanced things to try in excruciating detail - in
hopes that something might help them. What was the reaction? They bit my
head off for treating them like a child, for not assuming they had done all
the simple stuff, going as far as calling me names.
It's a volunteer based newsgroup (forum) - if you don't like what someone
says or don't want to get involved - you don't have to. If you want to stop
at any point being involved, do so. And sure - you can call people names,
troll, chide people into responding, dance around the topic, be the holy
zealot in the right/wrong side, be the jester or be the true fool - all that
is a free for all as well. What you do here *is* your choice. When you do
things here *is* your choice.
Don't expect - however - anything. It's not your 'right', especially not
here. You voluntarily answer and are no different than anyone else here -
no matter what value you want to put into what initials you see.
I knew someone once that started putting initials at the end of their name
many years back. People, strangely - started treating them with more
respect, etc. The letters added were "RNG" <- they meant 'Really Nice Guy',
but no one ever asked - they just assumed some importance came with them. I
would suggest never being that unwise.
But - I will return to the subject at hand - as it should always end up
doing...
The truth is - given what the OP did - I fully believe they would have been
unsuccessful in their attempts - no matter what was suggested within minutes
of their original posting.
They didn't make backups (if they did, they did not mention any), they
didn't understand EFS (or they wouldn't have just 'moved' the EFS folders
somewhere else thinking they could unencrypt them later without following
the well documented best practices of backing up the private key or making a
DRA) and they had attempted to fix it themselves with research (they
mentioned methods I don't believe they knew beforehand - since if they knew
of the methods, they would be unlikely to have risked their data on the
off-chance those methods would work for them.)
All of this could easily been deduced from the original posting and I
perfectly well understand why the reaction was what it was for the most
part. Logical progression from the given information. All that could be
done otherwise is ask for more information - and many times that just gets
"Just answer the question" responses and "Why do you need to know all that"
responses and the likes.
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
|
| |
| | | | | Post in reply to: Shenan Stanley
Wow, I really needed that explanation. Sorry, at this point my
tolerance is low..
Deduced by whom,, my immediate reaction WAS to proceed with the
recovery tools and methods in the discussion to dispel the incredible
lack of anything relevant to the issue and other similar situations.
You just change yours to another excuse, you "fully believe"... that's
fine. That still doesn't address the potential recovery and THAT was the
most important element. Unless one tries, then everything else is just
fluff, excuses, and failure, because you DON'T KNOW for sure, do you.
GUESSING, isn't productive when someones potentially irreplaceable
files are at stake. So NO your answer does not suit the issue nor the
matter as posted. Its just another excuse. The LOGICAL progression is to
stop usage IMMEDIATELY, and then make an effort to see what options
might be available.
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
|
| |
| |
|