Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How can I recover files encrypted with Windows filesystem encryption?

It all started some months ago when I changed the properties of most of my
personal files to encrypted just because I thought they would be safe from
hackers. Of course as I don’t share my computer with anyone I could open and
edit them all I wanted without any trouble. I never really thought that
property was special in a functionable way.

Last week I took my computer to have a new hard disk added, in the new hard
disk Windows XP was installed and my old data was kept in my other hard disk,
remaining as a ‘slave’ (I think that’s the term). Unfortunately my main and
only user session was deleted. Now I’m stuck with an administrator user that
can’t change the properties of my files back to normal. I can’t listen to my
music nor edit my documents, I can’t even view my pictures. I’m so sad, I don’t
know how to fix this. I fear that there’s nothing I can do because, obviously,
creating a new user with the same old name won’t work as the files are now on
my old hard disk and I can’t move them to other location.

If there’s any solution regarding this case, I’ll be forever grateful. If
the solution involves programming skills I’m counting on my boyfriend who knows
about that stuff.

My gut reaction?

You are so screwed.

Sorry to be so blunt, but what you’re experiencing is one of the major
drawbacks of Windows’ built-in encryption.

I’ll throw out one straw to grasp at, but then I’ll explain why this
happened in the first place.

Become a Patron of Ask Leo! and go ad-free!

Here’s my one straw to grasp at: if this were my machine I would restore it
to its original configuration. By that I mean remove the new drive and set
the old drive to once again be the only drive and boot off of that. If the
drive hasn’t been altered, then you may be able to then login with your old account
and access your encrypted files.

If it turns out you can access them then back them up. Now. More on that in
a second.

“The greater chance is that you’re SOL: Severely Out of
Luck.”

If not, things get much more complicated, and I’m not at all hopeful that
you’ll be able to recover. Have your boyfriend or a technician check out the
Microsoft information on the encrypting file
system
, paying particular attention to the section on recovery. It’s highly
unlikely, but if the correct encryption keys can somehow be recovered there’s a
slim chance. A very slim chance.

The greater chance is that you’re SOL: Severely Out of Luck.

So why is that? What happened?

The key, both literally and figuratively, is that when files are encrypted
in Windows using the encrypting file system they use cryptographic keys that
are associated with the login account that created them. So if I’m logged into
my machine with a user account “Leo” and mark some files as encrypted, then
those files can only be decrypted when I’m logged into that “Leo” account.

The gut reaction when the login account disappears or is somehow
inaccessible is to create a new account with the same name. In other words if
my “Leo” login account disappeared, I’d just create a new account with the same
name.

Doesn’t work.

You can create the account with the same name, but it will not
be able to access the files encrypted under the previous account named “Leo”.
Even though they have the same name, they are still two different
accounts
. The cryptographic information associated with each is
different.

If the cryptographic information for the account that created an encrypted
file has been lost then there’s simply no way to recover the data.

You’re SOL.

I know that you used encryption on a lark, and that’s fine. Presumably this
has been an “interesting” lesson learned.

For those that really are looking to encrypt data, the problems that I’ve
described here are reasons that I never recommend using the encrypting file
system. It’s simply too easy to inadvertently lose your data. In my opinion it
also doesn’t really provide all the security you may think. Anyone can walk up
to your machine while you’re logged in and access your data, encrypted or not.
That may be enough and you may handle your physical security in such a way
that that’s not a risk, but it’s easily overlooked.

My recommendation is a tool like TrueCrypt. You can set up virtual drives containing encrypted data
that you use just like any other drive or filesystem. The encryption is tied
only to a password or passphrase – as long as you have that you can recover
your data, no matter what machine it’s on or where it’s located. TrueCrypt also
supports auto-dismount under various circumstances that can protect against the
walk-up access I mentioned above.

If you do end up using the encrypting file system, make sure to understand
and follow the recommendations for backing
up the cryptographic keys
. With those keys it should be possible to recover
encrypted data.

Lastly, and speaking of backup, all of this could have been a non-issue if
you had been backing up your data regularly. Imagine if your hard drive had
simply and irreparably died. Encrypted or not all, your data would be lost.

Unless, of course, you had a backup copy of it all.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

17 comments on “How can I recover files encrypted with Windows filesystem encryption?”

  1. I ran into a situation similar to this as well. My solution was to use a linux boot disk to copy the files from the encrypted drive. The only downfall was linux can read from an NTFS drive but not write to one. Not a big problem for me because my files were not that large and I was able to use a flash drive with FAT. May be a problem with this situation since the majority of the files are music and pictures!

    Reply
  2. Actually, newer Linux distributions can write to NTFS. (I did so just last week.)

    However, I don’t see how Linux could read the encrypted filesystem. (Or is the filesystem not encrypted, and only the files themselves are? In which case, all you can do is read the raw, encrypted data from the files.) Linux can’t decrypt the data without the key any more than Windows can.

    Reply
  3. “Have your boyfriend or a technician check out the Microsoft information “

    My goodness Leo, I am normally not sensitive about such things, but this certainly seems to be a sexist comment. Why does one have to be male to understand Microsoft information? Is it written in a secret(male)language?

    On the whole, I enjoy your site and find it informative and interesting.

    Reply
  4. Judith,

    He suggested she ask her boyfriend because in her letter she wrote if this involved
    “programming skills” she would ask her boyfriend because he “knows about that stuff”. Whether she’s speaking of programming languages or normal computer tech skills who knows.

    Reply
  5. Actually I have encounted the same problems before. I use the knowledge from NT Server 4 to perform on the Windows XP Pro with the old system drive as the slave. You only have to reassign the encrypted files rights back to the system. Once the files are own by the system, create a new user and reassign all the files right to that new user. Login as that new user and you are already accessing your files!

    Reply
  6. There is a method that you did not even suggest and it is so simple that you would freak. True security on any computer is very difficult too acheive (not imposible) You can talk to the security experts to find out how simple it is.
    I do this on a regular basis and I do not want to give it away.

    Reply
  7. I have encrypted my file and after that i changed my operating system.After that when i try to open my encrypted file,it didn’t open.Said “Access is Denied”.You have no Permission,I have tryed so much but i cant open the file.
    Please I request to u Tell me some idea from which i could access my file. Bye……….

    If you used Windows built-in encryption, then it’s likely that you’re out of luck. See the article – it needs to be opened from the same user account, which was probably wiped out when you installed another OS.

    – Leo
    01-Nov-2008
    Reply
  8. I had the same situation, I had encrypted a folder containing more than 3GB data and when last week I restored my system drive from an image file, I found myself in a real nightmare: I could not able to access my old data! f..k you Microsoft, I told many times, after many hours searching, I come up with a great tools called Advanced EFS data Recovery, it saved my life. Its last edition can found any private key (you need them) from disk clusters (where that your last windows still stayed there) and decrypt your folders. It is very strightforward.

    Reply
  9. I just attempted to copy encrypted folders (and contents) to an NTFS USB drive using an Ubuntu Live CD. It would NOT copy the files. I will re-test with a FAT32 USB drive and see what happens. Ubuntu is of course a Linux based OS.

    Reply
  10. I have encypted a file that was actually hidden. And the file name was ” ” which means I renamed it ” ALT 0160 ” when you name a file this way nothing shows in the name space. + The file icon was invisible. Now I cant find my folder ): any clue ?

    Reply
  11. I’ve moved D drive folder files as new folder by using admin account called ‘Admin’ afther that i’h created a new admin account called ‘Hk admin’ and i’d delete the previous account using Hk admin account. After that i cannot open any document. And i cannot move or copy any file in the foler to any thing. And cant remane aslo. After that i’h restored the pc as previous date. But also in the folder any file can’t open and copy or move, rename. So please tell me how do i back can back to normal my files. Pls that is very important files i cannot open it. Pls help

    Reply
  12. Lol i accidently auto encrypted all my files… It was all fine and good until i changed my password i couldnt open anything….but i changed my password back and was able to gain access to my files again…idk i just thought id share

    Reply
  13. I bow to the expertise of Leo and others, but nobody’s mentioned the little jumper thingie connecting any 2 of many pins on the back of most hard discs. When I moved my old, 486 generation, 7 gigabyte drive into the handy slot in the new AMD Hammer with its 70 gigabyte c:\ drive, arguments commenced as to who was Primary Master.
    Solved by moving one jumper to persuade the old C:\ that it was now E:\ and Primary Slave.
    Leo, could the complainant do the reverse and tell his spiffy new C:\ drive it is primary slave? Long enough to access the older hard disk where the stuff he wants is, and back it up? By moving that jumper thingie?

    Reply
  14. Hello Mr.Leo, before i formatted my computer i drag my encryption file in a harddisk, after i formatted my computer, i try to drag back my encryption file into my formatted windows from the harddisk. However it cant open the encrytion file again, because it says i didnt have the administration permission. I thought i had formatted the old administration and now the encryption file didnt recognize my new administration. there were something important inside the encryption file and i thought i had screwed it up.Please help me, Please

    Reply
  15. My importent Excel files have been turned green and when I try to open them a message appears telling me that my files are encrypted. How I unencrypt the same and recover my data.Please help

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.