Restore WinXP Pro with encrypted files

Discussion in 'Software' started by housailorr, Mar 29, 2007.

  1. housailorr

    housailorr Private E-2

    I am having a problem accessing encrypted files that I restored after my HD crash. Can anyone help? Here is my scenario.

    I had to install a new HD and WinXP Pro SP2. I created a user ID similar to my original ID (I may not have spelled my User Name exactly the same way) with Admin privileges. I then restored all my data files, the "Doc & Settings" folder, my Program Files folder, and the System State. Each of these is in a separate backup volume.

    All seemed to go as anticipated until I tried to access my encrypted data files. The files are there and show colored "green" to indicate they are encrypted. When I try to open them I get an "Access Denied" error.

    I am assuming that the Windows Encryption key is not there, or is not being recognized for my user ID because everything else seems to work (after reinstalling some of my applications).

    Can anyone tell me which files need to be restored to get back my encryption key so it will work again? Or, is there a better way or a better sequence to restore my files so that WinXP will recognize the key and unlock the files?

    I am getting desperate (panicky)! Thanks for any help.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

  3. housailorr

    housailorr Private E-2

    Halo,

    Thank you for your response and the MS link. I have read the referenced article.

    As I read it, I am left with the feeling that restoring the entire OS and user profiles from my backups should get me access to the encrypted files. MS states that use of a key is not required to access the data, but can be used if other users (domain administrators or other security officers) will need to retrieve data.

    Is my logic for restoring these encrypted files flawed?

    Here is my thinking: I used to access my data by simply logging on to WinXP with my user ID. I did not have to use a key, therefore all the necessary decryption data must have been resident on my computer HD. The article did not mention that any hardware information was used to create the encryption keys, therefore if I restore to a different HD I would not expect the encryption key data to be affected. Hence, recreating my same password and user ID appears to be all that is needed to restore the encrypted files so I can access them - after I restore the OS and other key files.

    In fact, when I had to reformat my HD last month, I restored my computer and all seemed to work. My backup files were created by connecting my HD to another computer as a secondary drive and creating the backup from that computer. In this way my OS files were not in use and should have been copied intact. I included the c:\WINDOWS folder in the backup.

    Now that I have installed a new HD I have not had the same success. So, I deduced that my latest restore process was flawed somehow.

    In the future, I will indeed export my keys and certificates and keep them in a safe place so I can access this stuff more easily. Until then, I will again attempt to restore my computer to the condition it was prior to the new HD.

    Thanks in advance for any insights.
     
  4. noahawk

    noahawk Corporal

    Recreating a username and password may look and act like the same account to you, but WinXP determines user accounts based on a Security Identifier (SID), which changes with each new account creation. XP only deals with the SID and you only deal with the username.

    Hope this explains things a little more for you.
     
  5. housailorr

    housailorr Private E-2

    Noahawk,

    Thanks for the insight! It makes a lot of sense, especially based on my findings.

    With this clue, I should be getting closer to figuring out which files I need to restore to get the original SID information back where it belongs so Windows can find it and unlock my data.

    I now suspect that my restore onto my new HD did not replace all files as I wanted. I may not have selected the correct Advanced features for the restore. I will try to restore again and make certain I replace all the system files in the C:\WINDOWS folder and in the Documents and Settings folder (assuming the SID data resides somewhere in these folders).

    Now I see why you guys get the Big Bucks! :)
     
  6. housailorr

    housailorr Private E-2

    OK, I have satisfied my quest and successfully recovered my encrypted files after reinstalling WinXP Pro on a new HD!

    My thanks to those that replied to this thread and to this forum for tips and suggested links that helped me formulate a successful plan.

    I don't know precisely which files were involved, but here is what I did:

    Before dumping my old HD, I connected it to another computer and made a backup of everything. This way, I felt I had all Windows files captured.

    On my new HD, when I tried to restore these files using WINNT Back Up utility, many were skipped and I could not open the encrypted files. So, I decided I needed to use another computer to restore my old backups with all the files intact.

    I first created a disk image of my new "OS and Program" partition on the new HD (so I could get it back again). Then, I connected my HD to another computer and reformatted my OS partition. Next, I restored my old files to that partition. I especially focused on the entire C:\WINDOWS directory, the entire "Documents and Settings" directory (with "ntuser.dat" and "ntuser.ini") except for the "My Documents" folder, the C:\Drivers folder and the c:\i386 folder (so that I could get it to reboot).

    Then, I replaced the new HD in my computer and booted with the recovery CD into the Repair Console. I copied the "NTLDR" and "ntdetect.com" files from my CD to the c:\ directory and ran "fixboot" to create the boot directory.

    I was then ready to boot from the restored HD partition using Safe Mode. (Since not all my programs were installed, I could not start up when I logged in after booting in Normal Mode.)

    SUCCESS!!! After login in Safe Mode, I was able to access all my encrypted files (on another HD). I quickly decrypted these folders so I could access them with my new OS install.

    I then restored my imaged OS and Programs partition to my HD and was back in business. Whew!!!

    In the future, I will adopt the MS suggested practices and create EFS certificates and private keys for these encrypted files so that I can copy the encrypted files to any computer and use the keys to unlock them. The practices are described here: http://support.microsoft.com/kb/223316.

    Live and Learn!
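
The SID point from this thread, as an added example that is not part of the original posts: on XP the EFS private key and the DPAPI master key that protects it sit in profile folders named after the account's SID, so restored key files only serve the account whose SID matches. The sketch below checks a restored profile for those folders; the SIDs, the profile tree and the function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Local/domain account SID: S-1-5-21-<three machine or domain values>-<RID>
SID_RE = re.compile(r"^S-1-5-21(-\d+){4}$")

# XP profile folders holding EFS key material; each contains a folder named
# after the owning account's SID.
KEY_STORES = (
    "Application Data/Microsoft/Crypto/RSA",  # RSA private keys (EFS key included)
    "Application Data/Microsoft/Protect",     # DPAPI master keys protecting them
)

def key_store_sids(profile):
    """Return {store path: set of SID-named folders found under it}."""
    found = {}
    for rel in KEY_STORES:
        store = Path(profile) / rel
        entries = store.iterdir() if store.is_dir() else []
        found[rel] = {p.name for p in entries if p.is_dir() and SID_RE.match(p.name)}
    return found

def diagnose(profile, account_sid):
    """Classify a restored profile against the SID of the account now logged on."""
    stores = key_store_sids(profile)
    if any(not sids for sids in stores.values()):
        return "missing"       # key folders were skipped during the restore
    if all(account_sid in sids for sids in stores.values()):
        return "ok"            # keys belong to this account
    return "sid-mismatch"      # keys restored, but for a different account

def build_sample_profile(root, sid):
    """Create a constructed profile tree with key folders for `sid`."""
    for rel in KEY_STORES:
        (Path(root) / rel / sid).mkdir(parents=True)
    return Path(root)

# Constructed SIDs: same user name, different installs, different SIDs.
OLD_SID = "S-1-5-21-1111111111-2222222222-3333333333-1003"
NEW_SID = "S-1-5-21-4444444444-5555555555-6666666666-1004"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        profile = build_sample_profile(Path(tmp) / "restored_profile", OLD_SID)
        print("original account :", diagnose(profile, OLD_SID))
        print("recreated account:", diagnose(profile, NEW_SID))
        print("empty profile    :", diagnose(Path(tmp) / "none", NEW_SID))
```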
     
