Decrypting files protected by EFS

[badman89]

Hi,
I seem to have many files on my comp. that are encrypted....i really dont know how....mayb by accident
but anyway i reinstalled windows a couple of days ago and in the process obviously created a different user........now i am not able to access any of the files that are encrypted.
i am the administrator currently..... although not the same user that encrypted the files (because i reinstalled windows...user changed) ...is there any way for me to decrypt the files?
i'v tried using cipher to do it.....but it just says access is denied. i did not backup any certificates because i had no idea the files were encrypted.
ANY help at all plz ?
is there anyway i can give myself priveleges to access all files or something like that? since i'm the admin

 

[Osiris]

http://www.crackpassword.com/products/prs/mswin/efs/

http://www.ntfs.com/issues-encrypted-files.htm

http://www.password-crackers.com/crack3.html

 

[badman89]

thanks warezmonster...........but all of those require me to have the key somewhere on my comp.........which i dont

 

[office politics]

from http://www.microsoft.com/resources/...server/reskit/en-us/distrib/dsck_efs_ciiw.asp

Data Recovery System
Encrypting a file always raises a risk that it cannot be read again. The owner of the private key might leave the enterprise. If disgruntled, the owner might maliciously encrypt all of his or her files before leaving. Worse yet, he or she might encrypt critical shared files so that no one else can use them. For this reason, EFS is designed to be used only if the system is configured with one or more recovery agent administrators.

Designated user accounts, called recovery agent accounts, are issued recovery agent certificates with public keys and private keys that are used for EFS data recovery operations. Recovery agent accounts are designated by EFS recovery policy. By default, the recovery agent account is the highest-level Administrator account. On a stand-alone computer, this is the local Administrator. In a domain, the domain Administrator for the first domain controller installed in the domain is the default recovery agent account for all computers in the domain. Different recovery agent accounts can be assigned by changing EFS recovery policy, and different recovery policies can be configured for different parts of an enterprise. The private key for a recovery agent account must be located on the computer where recovery operations are to be conducted.

When a recovery agent certificate is issued, the certificate and private key are installed in the user profile for the user account that requested the certificate. You also have the option to export the recovery agent certificate and private keys to store them in archives or to transfer the certificate and private key to other user accounts and computers.

There can be more than one recovery agent account for an EFS file, each with a different private key. Data recovery discloses only the encrypted data, not the user's private key that was used to encrypt the bulk encryption key or any other private keys for recovery. This ensures that no other private information is revealed to the recovery agent administrator accidentally.

If you choose to configure an EFS recovery policy with no recovery agent certificates, EFS is disabled. Because of this feature, you cannot normally use EFS to encrypt data so it cannot be recovered — whether the encryption is done through accident or through malice. However, you could later destroy the private key for recovery to prevent data recovery.

 

[EricB]

take back ownership in safe mode or in file sharing