NTFS Encryption

Kai

Hi

My computer runs XP and has 2 Hard drives one is IDE and the other is SATA [important later]. Now over the weekend i formated the drive that had XP on it and saved all the stuff i wanted on the SATA drive. Now when i reinstall XP and all the drivers and stuff i can access all the folders on the SATA drive except for one. This one folder contains all my college notes and Several other stuff and is the most important part that i didnt wish to lose.

When i try to open the folder i get the message "you do not have access to this". I vagely remember using the NTFS encryption thing to secure the folder from guests who log on to the PC but now because ive formatted and reinstalled XP im being detected as a different user and it wont allow me access. As far as i know each user gets a unique Certificate and only that can be used to access NTFS encrypted folders.

Anyway I was wondering if anyone had any ideas on getting the contents of the folder back ? If it wasnt on an SATA drive i could stick in a knoppix cd and just copy the folder to another location and then reboot but knoppix as far as i know doesnt support sata drives yet.

So has anyone one ANY ideas on how i could get around this ? If the answer is unsuitable for posting on the thread then please PM me as ill need the stuff in this folder pretty soon.

Stephen

I know nothing about NTFS encryption, but you could try logging in as administrator, open the properties dialog for the folder in question and go to the security tab, and take ownership of it. This would give you access to it under normal circumstances, but as I said I don't know what the story is with encrypted folders.

Kai

hmm i tried logging in as admin alright and i still couldnt access the folder. i also went to properties and security and couldnt see much that i could change really.

Maybe i missed something though. Can admin reclaim an encrypted folder does anyone know ?

Dizz

Hate to be the bearer of bad news...
As far as I'm aware when you create a new user in XP an encryption key (private key stored in users profile) for that user is generated. When encrypting data the user uses this key and so long as the user's account and correspondingly the key exists, the user can then and only then access encrypted data. Once you delete the user and his/her home dir the encryption key is lost forever, unless you have backed up your encryption key. Unfortunately even an administrator account cannot decrypt files encrypted by a user of a system. This is the case only where a recovery agent is not specified. More info....

Dizz

Dun

Are you sure you used encryption, and not permissions? If it was NTFS permissions, then you can access it by taking ownership of it, like Stephen said - Right click the Folder - Security Tab - Advanced - Owner - Change Owner To - and select your/the Administrator account.

As far as I remember the administrator can obtain a recovery agent certificate, but it has to be on the same installation as the file was encrypted in, so I'm afraid it might be impossible to get it back if it is encryption.

Kai

Ah christ **** **** ****ing hell **** on slope im up **** creek now and i dont even have a boat.

Not at home now but i hope to god it was permissions i used and not encryption. I tried the taking ownership thing but it didnt really have any option for that. Thanks for the help anyway lads ill let you know what happens here.

Dun

Are you using XP Home or Professional?

parasite

couldn't you just throw on knoppix & burn the files to a cd, not too sure if they're encrypted

Kai

tis XP PRO.

and i cant use Knoppix as it wont detect SATA drives and if the files are encrypted then it wont sort it.

kikel

Don't konw anything about encryption but could you not tranfer the folder back to an IDE drive and then use your knoppix cd to get the files back.

sorry if this is a stupid question

hostyle

http://www.elcomsoft.com/aefsdr.html?from=passcr

-- other suggestions from the 'net --

Rumour has it copying an encrypted NTFS folder to a FAT32 partition removes the encryption. I don't know however if you can copy it without being the "encryptor".

this mentions copying said folder to a compressed FS to remove encryption, though everyone else disagrees with him. Again it will obviously not work fail if you can't copy the folder.

ColmOT [MSFT]

Because the SID (security ID ) of the user that you created the files with is different to the one that you're tryin to access them now, the decryption will fail.

Additionally, because the Administrator's SID is different on the new installation than the original installation, that Administrator will not be able to recover the files.

Kai

right i tried the security thing but it doesnt seem to have an option to take ownership of the folder even as Admin.

Is there anyway i can confirm whether its just a permission problem or if it is actually encrypted ?

I cant remember encrypting it. hopefully i didnt but i cant find an option to re-own the folder.

Anyone any ideas cos i really need this folder ?

ColmOT [MSFT]

If it's a permission issue, as Administrator, you can take ownership. As Administrator you should be able to access it.

If it's encrypted with EFS, there is no method of recovery...sorry.

SouperComputer

hmm, what about using partition magic or suchlike to change it to fat32?

probably wont change the acutal encryption, but worth a try.

ozmo

Originally posted by SouperComputer
hmm, what about using partition magic or suchlike to change it to fat32?

probably wont change the acutal encryption, but worth a try.

As already stated. MS made the encryption really good this time due to NTFS being bypassed by NTFSDOS etc. The data cannot be read without the proper id.

Encrypted files are shown in a GREEN colour. (You need the option in Tools\Folder Options\Show encrypted or compressed NTFS files in color Ticked.)

You could try an Sector Scanning Undelete tool - there might be older versions of your file on the hardisk.. just a thought.

However..... I just found this... http://www.cypherix.co.uk/cryptainerse/efs.htm

"With physical access to a system, a user can boot the system from floppy disks or use O&O BlueCon etc.. to access files encrypted by users."

I really doubt its this easy - but worth a shot if you can get this O&O program.

Kai

thanks for all the help guys i got it back a few days ago but couldnt reply cos firebird was acting up.

Anyway it was a really simple splution in the end, XP as default doesnt show the security tab in file properties, you have to edit the folder view settings to show it. Thats why i couldnt take ownership of the file. Bloody simple in the end.


Thanks anyway guys.

oneweb

If I may, I just wanna smile 'cos I know the feeling of thinking it's all gone and (eventually) finding a way to get it all back.

ozmo

Originally posted by Frugu
thanks for all the help guys i got it back a few days ago but couldnt reply cos firebird was acting up.

Anyway it was a really simple splution in the end, XP as default doesnt show the security tab in file properties, you have to edit the folder view settings to show it. Thats why i couldnt take ownership of the file. Bloody simple in the end.


Thanks anyway guys.

So it wasnt encrypted then? Just nt security access rights? Lucky