NTSF encryption

[edczxcvbnm]

Thank you for making me feel better about not leading him down the wrong path

[crono_logical]

If you formatted your old installation's partition, then chances are the data's lost Basically, doing so would have destroyed the keys/certificates associated with your old user account that would have allowed you to read the file, so there is no longer any way to decrypt them Making a new user account in a new installation with all the same names and passwords doesn't recreate the keys needed. Doesn't matter what permissions you stick on the files or take ownership either, you still can't decrypt them.

Now from looking at one of the pages you showed me, you seem to need a key of some sort to decrypt the files, since I am missing this key, does that mean my files are lost?

Correct


Things change though if your machine was in a domain environment and not standalone though In this case, the machine would have had a recovery agent policy from the domain such that by default, the domain admin can decrypt files if the user's lost/destroyed their key, like it seems you've gone and done. The policy may also specify other domain users too with this kind of power. Standalone WinXP has no recovery agents by default, not even administrators. I think standalone Windows 2003 specifies the local admin as an agent by default though - I'll take a guess that Samuraid did his tests on a Win2k3 machine (either standalone or on a domain) and didn't do a reinstall on the OS partition between encrypting the files and trying to recover them, hence he would have had no problems decrypting local files made by other users

"Encrypted files can become decrypted if you copy or move the file to a volume that is not an NTFS volume"

Only works if you can read/decrypt the files in the first place



Well, if you've got a copy of your old installation or it's partition somewhere, you might be able to recover the keys and import them into your new user account, but I have no idea how to recover the keys in this manner :kaoplain:

[Samuraid]

I'll take a guess that Samuraid did his tests on a Win2k3 machine (either standalone or on a domain) and didn't do a reinstall on the OS partition between encrypting the files and trying to recover them, hence he would have had no problems decrypting local files made by other users

I did it on my XP Pro machine on a home workgroup. The files were stored on a non-system NTFS parition. I completely reformatted the system partition and reinstalled windows. After reformatting/reinstalling windows, I used the same admin account name and the same password and simply took ownership of the files. I then was able to deencrypt them. Don't ask me how this was possible, I don't have a clue why. But it did work.

[edczxcvbnm]

Only works if you can read/decrypt the files in the first place

I figured but they don't say that explicitly. I have never messed with this encrypted file crap so I did the best I could. My only experience is questioning why a company I was doing work for was including that in their SOE as it could cause more problems than it is worth.

[Killy]

Samuraid, how does one take ownership of the files?

Also, would it be possible to break the code if I had a copy of one of the crypted files? Because as far as I know, it is one of the only ways to break encryption

[Samuraid]

Disable simple file sharing (In folder options).
Right-click -> Properties on the files in question
In the Security tab, press the Advanced button.
All the options you need should be listed there.

[edczxcvbnm]

Aww...just as I was about to post

http://support.microsoft.com/default...b;en-us;308421

[Killy]

I did that, and I seems that I am now the owner of the files. However, I am still not allowed to decrpt them, does that mean that they are lost?

[edczxcvbnm]

If you took ownership of the file then maybe you could attempt to create a new key with cipher. If that doesn't work then like cl_out said...you are SOL.

[Samuraid]

I just tried it and wasn't able to get a file to decrypt. I wonder if it has to do with creating the same user account and password to take ownership and decrypt the file.

[edczxcvbnm]

When all else fails try to e-mail microsoft and see what they tell you. Samuraid might have just gotten really awesomely lucky that one time. It could happen...Mc-WOOOOOOORLD!

[ShunNakamura]

I hate to say but I think you are SoL. The reason being even my linux professor at the college says that the NTFS encryption was good. And I can count on one hand the number of 'goods' he has given windows. He said that if you lost the encryption key then it was virutually(someone somwhere can probably do it.. but probably not many someones) impossible to break the encryption. And there were a lot of variable to the encryption key if I remember right. User name and pass being only two of them.

[Killy]

Well, thanks to all of you anyway.

[ShunNakamura]

Cancel that about difficult to crack.

I just googled it for the fun of it, and it already looks as if there is software that can crack it. But from I have seen you are looking at awfully expensive software.

So I guess if you can find a cracked cracker you could possibly retrieve. Or if the files are so important that you are willing to buy it, or at least to rely your trouble to one of th makers of these programs(to ensure it will work before you buy it).