This article describes methods for recovering data that was
encrypted with the Encrypting File System (EFS) if the private key for the user
who encrypted the files is lost or destroyed.
If your computer is a member of a Windows 2000-based domain
and you encrypted the files by using a domain user account, your encrypted
files can be recovered by the EFS Recovery Agent for your domain. There are two
methods for determining who the Recovery Agent is:
• Contact your system administrator.
• If you have access to the Microsoft Windows 2000 Resource
  Kit, you can use the Efsinfo utility to determine who the designated Recovery
  Agent is for a given file or set of files. For additional information about
  the Efsinfo tool, see the following article in the Microsoft Knowledge Base:
  243026 (http://support.microsoft.com/kb/243026/EN-US/) Using Efsinfo.exe to Determine Information About Encrypted Files
If your computer is not a member of a Windows 2000-based domain
(it is a stand-alone server or a member of a Microsoft Windows NT 4.0-based
domain), your local, built-in Administrator account may be the designated
Recovery Agent for any users of your computer.
To be able to recover encrypted information on a computer in
this case, you must have backed up the Recovery Agent's private key before the
loss of the key. For more information about using EFS and backing up and
restoring the Recovery Agent's private key, see the following articles in the
Microsoft Knowledge Base:
223316 (http://support.microsoft.com/kb/223316/EN-US/) Best Practices for Encrypting File System
241201 (http://support.microsoft.com/kb/241201/EN-US/) HOW TO: Back Up Your Encrypting File System Private Key in Windows 2000
Other EFS-related information is available on the
following Microsoft Web site:
NOTE: If you do not have access to a Recovery Agent's account with a
valid recovery key, you cannot recover the data. There is no workaround in EFS.