Windows 2000 Encryption Disaster

By Monte.Cristo
First, my system is as follows:
-Windows 2000 Professional + Service Pack 1 + Internet Explorer 5.5 with 2 H.D.s formatted with the NTFS file system.

Recently I had a problem logging on to the system, which sometimes took about 6 hours (!!!!), so I decided to install Windows again.
First I copied my files to the second H.D., and then I formatted the boot partition (first H.D.) and installed Windows 2000 using the clean installation method.
After the installation succeeded, I was shocked when I tried to get my files back: I found them encrypted, and I don't know how that happened.
I tried to decrypt the files, but the system denied me access.
I took ownership of the folder and assigned NTFS permissions to my account (Administrator), but it didn't solve the problem.
I don't know what to do, since I will lose about 1.2 GB of pure data and documents.
I seek the help of anyone who can provide me with assistance.
If there is more information I missed, please send E-mail to: .

Thank you

Mohammad Ali Ahmmad

Sorry but...

by rob.wilcox1 In reply to Windows 2000 Encryption D ...

I understand your plight with this one, but unfortunately I don't see that there is anything that you can do.

Microsoft specifically state that you HAVE to export the recovery agent's private key in order to be able to do data recovery (i.e. decryption) in the event of a disaster (such as the one you've had).

We have made it a clear policy in our company that before a machine goes out to the user, the administrator account's private key is exported to a network share (which is backed up daily). That way, if/when the user thinks, "Ohh, I wonder what this encryption thing is all about", we'll be safe in the knowledge that we have a recovery mechanism.

To my knowledge there isn't anything which can recover the files.

The only chance you have got is to phone Microsoft Product Support Services, but they'll probably tell you the same story as I just did.

Before we made our policy "live" we discussed this with PSS and worked through the scenarios with our support staff a good few times so that everyone was comfortable.


Rob Wilcox

RE: Windows 2000 Encryption

by Kima In reply to Windows 2000 Encryption D ...

There is a command line tool for Windows 2000 called CIPHER, to recover files on a recovery computer where a current recovery agent account, certificate, and private key are located. This is useful when a user's private key for EFS is damaged.

To recover a file, a recovery administrator must log on to the recovery computer as the recovery agent account and then use Cipher to decrypt the file. Cipher only works for the recovery agent accounts that are listed in the file's DRF. Cipher also only works if the private key for recovery is installed on the computer.

By default, the domain Administrator's account on the first domain controller that is installed in the domain is the recovery agent account for computers that are connected to the network. On stand-alone computers, the local Administrator's account is the default EFS recovery agent account. EFS generates EFS recovery certificates automatically for the default Administrator's account.

If you don't have it or need CIPHER, let me know.... Hope this works...


Check this article...

by Kima In reply to Windows 2000 Encryption D ...

Step-by-Step Guide to Encrypting File System (EFS)

It should help you...
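
The recovery rule described in the replies above (a file can be decrypted only with a private key that matches an entry in the file's DDF or DRF), as an added example that is not part of the original thread and not Microsoft's implementation. It is a toy model: textbook RSA over fixed primes and a hash keystream stand in for the real EFS algorithms, and every function and variable name is hypothetical.

```python
# Toy model of EFS key wrapping (constructed example). Textbook RSA over
# Mersenne primes and a SHA-256 keystream stand in for the real algorithms.
import hashlib
import os

E = 65537

def make_keypair(p, q):
    """One account's EFS key pair; every fresh Windows install makes a new one."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))          # private exponent (Python 3.8+)
    thumb = hashlib.sha1(str(n).encode()).hexdigest()[:16]
    return {"n": n, "thumb": thumb}, {"n": n, "d": d, "thumb": thumb}

def _stream(fek, data):  # XOR with a keystream derived from the FEK
    ks = bytearray()
    while len(ks) < len(data):
        ks += hashlib.sha256(fek + len(ks).to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def _wrap(fek, pub):
    return {"thumb": pub["thumb"], "blob": pow(int.from_bytes(fek, "big"), E, pub["n"])}

def efs_encrypt(plaintext, user_pub, agent_pubs):
    """FEK is wrapped once for the user (DDF) and once per recovery agent (DRF)."""
    fek = os.urandom(16)
    return {"ddf": [_wrap(fek, user_pub)],
            "drf": [_wrap(fek, a) for a in agent_pubs],
            "data": _stream(fek, plaintext)}

def efs_decrypt(efile, installed_keys):
    """Succeeds only if an installed private key matches a DDF or DRF entry."""
    for entry in efile["ddf"] + efile["drf"]:
        for key in installed_keys:
            if key["thumb"] == entry["thumb"]:
                fek = pow(entry["blob"], key["d"], key["n"]).to_bytes(16, "big")
                return _stream(fek, efile["data"])
    raise PermissionError("Access is denied: no private key for any DDF/DRF entry")

# Stand-alone PC: local Administrator is both the user and the recovery agent.
OLD_PUB, OLD_PRIV = make_keypair(2**127 - 1, 2**89 - 1)    # before the reformat
NEW_PUB, NEW_PRIV = make_keypair(2**521 - 1, 2**107 - 1)   # same name, new keys
SAMPLE = efs_encrypt(b"1.2 GB of documents", OLD_PUB, [OLD_PUB])

def can_read(installed_keys):
    try:
        return efs_decrypt(SAMPLE, installed_keys) == b"1.2 GB of documents"
    except PermissionError:
        return False
```

`can_read([NEW_PRIV])` is False because the reinstalled Administrator account has a new key pair even though the account name is the same, and ownership or NTFS permissions play no part in the check. `can_read([NEW_PRIV, OLD_PRIV])` is True, which is the case where the old key was exported before the reformat and imported afterwards.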
