I am feeling your pain currently. Do not depend on Norton Ghost to save your
butt on this one since I am in your shoes after attempting to restore the
image with the original .cer and .pfx files which would have made this
simple.

The resource guide for XP leads the beginner to believe that these keys can
be recovered, but it sounds as though this definitely not the case and this
makes sense since I have been attempting to generate working certs for
several hours to no avail.
--
truth

"andivijay" wrote:

> Hi there,
>
> Well my problem is, one of my user have formated the win XP m/c
> without knowing that he had Encrypted folder with files encryped in
> it. Now my problem is, he has formated his C: drive and the files are
> in D: drive, and after the reinstallation of the M/c none of his files
> are opening, worst case, this M/c is a standalone m/c and I dont have
> a solution where i can decrypt his files for him. Please suggest me
> for the action.
>
> Vijay A
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's request
> Articles individually checked for conformance to usenet standards
> Topic URL: http://www.windowsforumz.com/Securit...ict424267.html
> Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1420122
>

The Ghost image should work if the proper certificates are in the image. Pfx
files are the one that contain the EFS private key which is what is needed
to decrypt EFS files for the appropriate user or as a Recovery Agent. Pfx
files are also password protect the EFS private key. You can use efsinfo to
see what users and RA [if any] can decrypt the file and see the thumbprint
information of the certificates which can be helpful to make sure you have
the proper EFS certificate AND private key. The .cer files will not decrypt
any EFS file as they contain only the certificate and the public key. ---
Steve

http://support.microsoft.com/?kbid=243026 --- works the same for XP Pro
also.


"Tim" <Tim@discussions.microsoft.com> wrote in message
news:74C97955-235A-440D-83E6-389B55DD16A1@microsoft.com...
>I am feeling your pain currently. Do not depend on Norton Ghost to save
>your
> butt on this one since I am in your shoes after attempting to restore the
> image with the original .cer and .pfx files which would have made this
> simple.
>
> The resource guide for XP leads the beginner to believe that these keys
> can
> be recovered, but it sounds as though this definitely not the case and
> this
> makes sense since I have been attempting to generate working certs for
> several hours to no avail.
> --
> truth
>
> "andivijay" wrote:
>
>> Hi there,
>>
>> Well my problem is, one of my user have formated the win XP m/c
>> without knowing that he had Encrypted folder with files encryped in
>> it. Now my problem is, he has formated his C: drive and the files are
>> in D: drive, and after the reinstallation of the M/c none of his files
>> are opening, worst case, this M/c is a standalone m/c and I dont have
>> a solution where i can decrypt his files for him. Please suggest me
>> for the action.
>>
>> Vijay A
>>
>> --
>> Posted using the http://www.windowsforumz.com interface, at author's
>> request
>> Articles individually checked for conformance to usenet standards
>> Topic URL:
>> http://www.windowsforumz.com/Securit...ict424267.html
>> Visit Topic URL to contact author (reg. req'd). Report abuse:
>> http://www.windowsforumz.com/eform.php?p=1420122
>>

Well actually the image is corrupted from movement. Is there a way to peel
these out with some tool? Oddly enough the image was a dual boot of WIN 2K
and XP Pro and the WIN 2K will boot, while the WIN XP hangs at the welcome
screen forever.

Depending on NG I did not use ASR (stupid on my part) and I am fearful of
using console recovery tool since if I replace system files, I figured it may
wipe out my original security settings as well. (I have never had good luck
with recovery console since I do not know how to use it well. I wished that
MS had put the cipher command in it though as it would help right now.
--
truth


"Steven L Umbach" wrote:

> The Ghost image should work if the proper certificates are in the image. Pfx
> files are the one that contain the EFS private key which is what is needed
> to decrypt EFS files for the appropriate user or as a Recovery Agent. Pfx
> files are also password protect the EFS private key. You can use efsinfo to
> see what users and RA [if any] can decrypt the file and see the thumbprint
> information of the certificates which can be helpful to make sure you have
> the proper EFS certificate AND private key. The .cer files will not decrypt
> any EFS file as they contain only the certificate and the public key. ---
> Steve
>
> http://support.microsoft.com/?kbid=243026 --- works the same for XP Pro
> also.
>
>
> "Tim" <Tim@discussions.microsoft.com> wrote in message
> news:74C97955-235A-440D-83E6-389B55DD16A1@microsoft.com...
> >I am feeling your pain currently. Do not depend on Norton Ghost to save
> >your
> > butt on this one since I am in your shoes after attempting to restore the
> > image with the original .cer and .pfx files which would have made this
> > simple.
> >
> > The resource guide for XP leads the beginner to believe that these keys
> > can
> > be recovered, but it sounds as though this definitely not the case and
> > this
> > makes sense since I have been attempting to generate working certs for
> > several hours to no avail.
> > --
> > truth
> >
> > "andivijay" wrote:
> >
> >> Hi there,
> >>
> >> Well my problem is, one of my user have formated the win XP m/c
> >> without knowing that he had Encrypted folder with files encryped in
> >> it. Now my problem is, he has formated his C: drive and the files are
> >> in D: drive, and after the reinstallation of the M/c none of his files
> >> are opening, worst case, this M/c is a standalone m/c and I dont have
> >> a solution where i can decrypt his files for him. Please suggest me
> >> for the action.
> >>
> >> Vijay A
> >>
> >> --
> >> Posted using the http://www.windowsforumz.com interface, at author's
> >> request
> >> Articles individually checked for conformance to usenet standards
> >> Topic URL:
> >> http://www.windowsforumz.com/Securit...ict424267.html
> >> Visit Topic URL to contact author (reg. req'd). Report abuse:
> >> http://www.windowsforumz.com/eform.php?p=1420122
> >>
>
>
>

"Tim" <Tim@discussions.microsoft.com> wrote in message
news:FB84F592-A22C-427E-B1CE-EC6A3593B570@microsoft.com...
> Well actually the image is corrupted from movement. Is there a way to
> peel
> these out with some tool? Oddly enough the image was a dual boot of WIN
> 2K
> and XP Pro and the WIN 2K will boot, while the WIN XP hangs at the welcome
> screen forever.
>
> Depending on NG I did not use ASR (stupid on my part) and I am fearful of
> using console recovery tool since if I replace system files, I figured it
> may
> wipe out my original security settings as well. (I have never had good
> luck
> with recovery console since I do not know how to use it well. I wished
> that
> MS had put the cipher command in it though as it would help right now.
> --
> truth
>
>
> "Steven L Umbach" wrote:
>
>> The Ghost image should work if the proper certificates are in the image.
>> Pfx
>> files are the one that contain the EFS private key which is what is
>> needed
>> to decrypt EFS files for the appropriate user or as a Recovery Agent. Pfx
>> files are also password protect the EFS private key. You can use efsinfo
>> to
>> see what users and RA [if any] can decrypt the file and see the
>> thumbprint
>> information of the certificates which can be helpful to make sure you
>> have
>> the proper EFS certificate AND private key. The .cer files will not
>> decrypt
>> any EFS file as they contain only the certificate and the public
>> y. ---
>> Steve
>>
>> http://support.microsoft.com/?kbid=243026 --- works the same for XP Pro
>> also.
>>
>>
>> "Tim" <Tim@discussions.microsoft.com> wrote in message
>> news:74C97955-235A-440D-83E6-389B55DD16A1@microsoft.com...
>> >I am feeling your pain currently. Do not depend on Norton Ghost to save
>> >your
>> > butt on this one since I am in your shoes after attempting to restore
>> > the
>> > image with the original .cer and .pfx files which would have made this
>> > simple.
>> >
>> > The resource guide for XP leads the beginner to believe that these keys
>> > can
>> > be recovered, but it sounds as though this definitely not the case and
>> > this
>> > makes sense since I have been attempting to generate working certs for
>> > several hours to no avail.
>> > --
>> > truth
>> >
>> > "andivijay" wrote:
>> >
>> >> Hi there,
>> >>
>> >> Well my problem is, one of my user have formated the win XP m/c
>> >> without knowing that he had Encrypted folder with files encryped in
>> >> it. Now my problem is, he has formated his C: drive and the files are
>> >> in D: drive, and after the reinstallation of the M/c none of his files
>> >> are opening, worst case, this M/c is a standalone m/c and I dont have
>> >> a solution where i can decrypt his files for him. Please suggest me
>> >> for the action.
>> >>
>> >> Vijay A
>> >>
>> >> --
>> >> Posted using the http://www.windowsforumz.com interface, at author's
>> >> request
>> >> Articles individually checked for conformance to usenet standards
>> >> Topic URL:
>> >> http://www.windowsforumz.com/Securit...ict424267.html
>> >> Visit Topic URL to contact author (reg. req'd). Report abuse:
>> >> http://www.windowsforumz.com/eform.php?p=1420122
>> >>
>>
>>
>>

Too bad about the image being corrupt. Maybe trying to boot into Safe Mode
would be worth a try for the XP Pro operating system or a "upgrade/repair
install of it. If you can access the files in the XP Pro by booting to
Windows 2000 you might be able to recover the EFS private key from the XP
Pro install [it would be in the user's profile] but not by normal methods.
Microsoft paid support may be able to help or there is a program from
Elcomsoft may help. Elcomsoft has a free trial version that is limited in
that it can only recover very small files but it is very useful because it
can let you know if you can recover the EFS private key but you have the
added complication in that Windows 2000 will not be able to decrypt files
encrypted on XP Pro because of the stronger encryption method that XP Pro
uses. --- Steve

http://www.elcomsoft.com/aefsdr.html --- Elcomsoft link

"Tim" <Tim@discussions.microsoft.com> wrote in message
news:FB84F592-A22C-427E-B1CE-EC6A3593B570@microsoft.com...
> Well actually the image is corrupted from movement. Is there a way to
> peel
> these out with some tool? Oddly enough the image was a dual boot of WIN
> 2K
> and XP Pro and the WIN 2K will boot, while the WIN XP hangs at the welcome
> screen forever.
>
> Depending on NG I did not use ASR (stupid on my part) and I am fearful of
> using console recovery tool since if I replace system files, I figured it
> may
> wipe out my original security settings as well. (I have never had good
> luck
> with recovery console since I do not know how to use it well. I wished
> that
> MS had put the cipher command in it though as it would help right now.
> --
> truth
>
>
> "Steven L Umbach" wrote:
>
>> The Ghost image should work if the proper certificates are in the image.
>> Pfx
>> files are the one that contain the EFS private key which is what is
>> needed
>> to decrypt EFS files for the appropriate user or as a Recovery Agent. Pfx
>> files are also password protect the EFS private key. You can use efsinfo
>> to
>> see what users and RA [if any] can decrypt the file and see the
>> thumbprint
>> information of the certificates which can be helpful to make sure you
>> have
>> the proper EFS certificate AND private key. The .cer files will not
>> decrypt
>> any EFS file as they contain only the certificate and the public
>> y. ---
>> Steve
>>
>> http://support.microsoft.com/?kbid=243026 --- works the same for XP Pro
>> also.
>>
>>
>> "Tim" <Tim@discussions.microsoft.com> wrote in message
>> news:74C97955-235A-440D-83E6-389B55DD16A1@microsoft.com...
>> >I am feeling your pain currently. Do not depend on Norton Ghost to save
>> >your
>> > butt on this one since I am in your shoes after attempting to restore
>> > the
>> > image with the original .cer and .pfx files which would have made this
>> > simple.
>> >
>> > The resource guide for XP leads the beginner to believe that these keys
>> > can
>> > be recovered, but it sounds as though this definitely not the case and
>> > this
>> > makes sense since I have been attempting to generate working certs for
>> > several hours to no avail.
>> > --
>> > truth
>> >
>> > "andivijay" wrote:
>> >
>> >> Hi there,
>> >>
>> >> Well my problem is, one of my user have formated the win XP m/c
>> >> without knowing that he had Encrypted folder with files encryped in
>> >> it. Now my problem is, he has formated his C: drive and the files are
>> >> in D: drive, and after the reinstallation of the M/c none of his files
>> >> are opening, worst case, this M/c is a standalone m/c and I dont have
>> >> a solution where i can decrypt his files for him. Please suggest me
>> >> for the action.
>> >>
>> >> Vijay A
>> >>
>> >> --
>> >> Posted using the http://www.windowsforumz.com interface, at author's
>> >> request
>> >> Articles individually checked for conformance to usenet standards
>> >> Topic URL:
>> >> http://www.windowsforumz.com/Securit...ict424267.html
>> >> Visit Topic URL to contact author (reg. req'd). Report abuse:
>> >> http://www.windowsforumz.com/eform.php?p=1420122
>> >>
>>
>>
>>