How can I open files encrypted on a computer that was under a domain until I reinstalled?

Luis Romero April 18, 2011

I encrypted some files on a computer that was under a domain. Then I bought that computer, formatted it and don’t have a domain anymore. Now the files are there, but I just can’t open them because it says that I don’t have permission. What can I do? These are almost life/death files!

  1. Tina
    April 24, 2011 at 6:30 pm

    Luis,

    were you able to access the encrypted files in the meantime? How did you do it? Please let us know in case you need more help. Thank you!

  2. FIDELIS
    April 19, 2011 at 12:07 am

    Hello, if you formatted the computer, did you leave a partition with the files on it? Or did you save the files to a different media? Once a computer joins a domain, and that domain is using EFS as encryption, you must have access to the Recovery Agent's account with a valid recovery key. If you do not have a valid recovery key and access to the Recovery Agent's account, I am sorry to say you cannot recover the data.

    What domain environment was the computer joined to? Was it using Server 2000, 2003, 2008? If it was joined to a 2000 environment you might be able to use the efsinfo tool that comes with the Windows 2000 recovery kit. With this tool you can find out who the Recovery Agent is and who encrypted the file. Here is more info:
    http://support.microsoft.com/kb/243026/EN-US

    If the environment is/was 2003/2008 you could probably find the cipher command:
    http://www.computerhope.com/cipher.htm

    I would say, it would be really hard for you to get what you want, especially if your computer does not belong to the domain anymore.

    • Mike
      April 19, 2011 at 6:20 am

      After formatting and reinstalling the computer it is somewhat impossible to decrypt EFS protected files on your own.

      EFS uses private RSA-Keys which are:
      - unique per User
      - unique per Machine
      - unique per Installation

      Even if you only deleted the user and then created a new one with the same username and password the RSA-Key would have changed already. By reinstalling the computer you wiped all local EFS Certificates, including the Recovery Agent.

      I think your only chance is to contact the domain administrator(s), explain the situation and see if they can provide you with an exported EFS Recovery Certificate of the Domain.
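
Added example, not written by any poster in this thread: the cipher command mentioned above can list the certificate thumbprints that are able to decrypt a file, and this PowerShell script compares them with the current user's certificate store, which shows which exported certificate to request from the domain administrators. It assumes English-language `cipher /c` output containing `Certificate thumbprint:` lines; the parameter name `Path` is illustrative.

```powershell
# Added example: list which certificates can decrypt an EFS file and whether
# any of them (with its private key) is present in the current user's store.
param(
    [Parameter(Mandatory)]
    [string]$Path   # illustrative parameter: full path to one EFS-encrypted file
)

# Assumption: English-language cipher output, where each "Users who can decrypt"
# and "Recovery Certificates" section is followed by lines of the form
# "Certificate thumbprint: XXXX XXXX ...".
$section = $null
$entries = foreach ($line in (cipher.exe /c $Path)) {
    if ($line -match 'Users who can decrypt') {
        $section = 'User'
    }
    elseif ($line -match 'Recovery Certificates') {
        $section = 'RecoveryAgent'
    }
    elseif ($line -match 'Certificate thumbprint:\s*(?<tp>[0-9A-Fa-f ]+)') {
        [pscustomobject]@{
            Role       = $section
            # Normalise "ABCD 1234 ..." to the form the certificate store uses.
            Thumbprint = ($Matches.tp -replace '\s', '').ToUpper()
        }
    }
}

if (-not $entries) {
    Write-Warning "No certificate thumbprints found; is '$Path' EFS-encrypted?"
    return
}

# A file can only be opened if one of these certificates is in the store
# together with its private key. After a reinstall, expect False everywhere
# until a matching exported certificate (.pfx) has been imported.
$store = Get-ChildItem Cert:\CurrentUser\My
foreach ($e in $entries) {
    $cert = $store | Where-Object Thumbprint -eq $e.Thumbprint | Select-Object -First 1
    [pscustomobject]@{
        Role          = $e.Role
        Thumbprint    = $e.Thumbprint
        InStore       = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
    }
}
```

The thumbprints listed under `RecoveryAgent` identify the recovery certificate a domain administrator would need to export for these files.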

  3. Tina
    April 18, 2011 at 11:32 pm

    Luis,

    which software did you use to encrypt the files?
    What operating system are you running?