Methods for Recovering Encrypted Data Files

Article ID: 255742 - View products that this article applies to.
This article was previously published under Q255742
Notice
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center
(http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fwin2000)
is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy
(http://support.microsoft.com/lifecycle/)
.
Expand all | Collapse all

SUMMARY

This article describes methods for recovering data that was encrypted with the Encrypting File System (EFS) if the private key for the user who encrypted the files is lost or destroyed.

MORE INFORMATION

If your computer is a member of a Windows 2000-based domain and you encrypted the files by using a domain user account, your encrypted files can be recovered by the EFS Recovery Agent for your domain. There are two methods for determining who the Recovery Agent is:
  • Contact your system administrator.
  • If you have access to the Microsoft Windows 2000 Resource Kit, you can use the Efsinfo utility to determine who the designated Recovery Agent is for a given file or set of files.For additional information about the Efsinfo tool, click the article number below to view the article in the Microsoft Knowledge Base:
    243026
    (http://support.microsoft.com/kb/243026/EN-US/ )
    Using Efsinfo.exe to Determine Information About Encrypted Files
If your computer is not a member of a Windows 2000-based domain (it is a stand-alone server or a member of a Microsoft Windows NT 4.0-based domain), your local, built-in Administrator account may be the designated Recovery Agent for any users of your computer. To be able to recover encrypted information on a computer in this case, you must have backed up the Recovery Agent's private key before the loss of the key. For more information about using EFS and backing up and restoring the Recovery Agent's private key, see the following articles in the Microsoft Knowledge Base:
223316
(http://support.microsoft.com/kb/223316/EN-US/ )
Best Practices for Encrypting File System
241201
(http://support.microsoft.com/kb/241201/EN-US/ )
HOW TO: Back Up Your Encrypting File System Private Key in Windows 2000
Other EFS-related information is available on the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/dataprot/w2kadm21.mspx
(http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/dataprot/w2kadm21.mspx)
NOTE: If you do not have access to a Recovery Agent's account with a valid recovery key, you cannot recover the data. There is no workaround in EFS.

Properties

Article ID: 255742 - Last Review: March 27, 2007 - Revision: 3.6
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
Keywords: 
kbefs kbinfo KB255742
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top