Recovering files from a slaved drive that has protected folders

By jlandeau ·
I was repairing a pc for some one that has win xp installed. It was corrupted and not booting past the Xp splash screen. At that point it gives a blue screen etc...safe mode, last know config does not work, they all result in the same blue screen. So i am at the point where i am going to wipe the drive and reinstall XP as repairs to the OS is also not working.
Before I proceeded with this I tried to back up the data on the harddrive by slaving it in another pc. this worked fine for 2 of the profiles on the drive found in Documents and Settings, but one user account was protected and I can't copy or open it to get the files on the desktop folder and My Documents.
I am trying to find out if there is a way around this protection to save the files before wiping the drive.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by seanferd In reply to Recovering files from a s ...

Encrypted and password-protected are different beasts, but try this first: repair the boot files.

Use XP recovery to fix the MBR or ntloader (fixboot, fixmbr). Chksdk may also be in order.

If that doesn't work, check the drive with the manufacturer's testing utility, available at the manufacturer's website.

Collapse -

did u take ownership of the files?

by Snuffy09 In reply to Recovering files from a s ...

check security settings of files?

Collapse -

Your description sound like Password Protected

by OH Smeg Moderator In reply to Recovering files from a s ...

Not Encrypted so all you need do is Take Ownership of the Files by following the directions here


If this Profile has been Encrypted however you have a real problem and the only easy solution is to ask the Owner to restore from their Backup after they get the system returned. Tell then that besides their Data they will be required to restore their EFS Recovery Agent as well to be able to read their Data.

Naturally if they don't have a Backup of their EFS Key and Data they have effectively lost it all unless they have Access to a Local Law Enforcement Authority Computer Crime Section who can break the Encryption.


Collapse -

Linux Distro

by mamies In reply to Recovering files from a s ...

You could use a Linux Distro to boot into and then copy the files of the Windows HDD to another one.

http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/ has a step by step guide on doing this.


Collapse -

The steps are the same for every Distro

by OH Smeg Moderator In reply to Linux Distro

But I think you'll find that you get better results with Knoppix over Ubuntu.

It's just a bit better to get into the Windows File System but even that will do nothing to Unencrypt files that are encrypted with the EFS built into Windows.


Collapse -

The Issue

by mamies In reply to The steps are the same fo ...

Your correct about the encryption but from how i read the issue it seems that the User on the Windows machine was just protected by Windows.

The person who encrypted the files should know how to unencrypt it don't you think

Collapse -

In Theory yes but unfortunately in Practice they very rarely do

by OH Smeg Moderator In reply to The Issue

I have lost count of the people who see EFS in XP and think Great I'll Protect my files that bit better and then completely ignore the Instructions about Backing up the Recovery Agent and Data.

They think because they can see their files then whoever wants to can as well when required. But when the Windows OS gets damaged the reality is that unless they have contacts in the Computer Crime Investigation Units their Data is Gone Forever and the ability to Decrypt Files without the Encryption is non existent.

I have lost count of the number of people blaming M$ for allowing EFS into the OS who have lost their Data because they prove it is impossible for them to read the simple directions given when they first enable it.

Then you have others who blame Techs who they give the job to rebuild their system but fail to mention that they have Encrypted their files. Unfortunately by the time that the tech finds out normally it's way too late to do much about it.

Even the M$ Tool to decrypt the Encrypted files isn't widely known about and even less discussed by those who know what it is. There is a very good reason for that as they are all from the industries who have to be able to break Encryption to do their Jobs properly and they do not want to make it known that there are places that are capable of breaking their Encryption.


Related Discussions

Related Forums