It all started some months ago when I changed the properties of most of my
personal files to encrypted just because I thought they would be safe from
hackers. Of course as I don’t share my computer with anyone I could open and
edit them all I wanted without any trouble. I never really thought that
property was special in a functional way.
Last week I took my computer in to have a new hard disk added. Windows XP was
installed on the new hard disk and my old data was kept on my other hard disk,
which remains as a ‘slave’ (I think that’s the term). Unfortunately my main and
only user session was deleted. Now I’m stuck with an administrator user that
can’t change the properties of my files back to normal. I can’t listen to my
music nor edit my documents, I can’t even view my pictures. I’m so sad, I don’t
know how to fix this. I fear that there’s nothing I can do because, obviously,
creating a new user with the same old name won’t work as the files are now on
my old hard disk and I can’t move them to another location.
If there’s any solution regarding this case, I’ll be forever grateful. If
the solution involves programming skills I’m counting on my boyfriend who knows
about that stuff.
My gut reaction?
You are so screwed.
Sorry to be so blunt, but what you’re experiencing is one of the major
drawbacks of Windows’ built-in encryption.
I’ll throw out one straw to grasp at, but then I’ll explain why this
happened in the first place.
Here’s my one straw to grasp at: if this were my machine I would restore it
to its original configuration. By that I mean remove the new drive and set
the old drive to once again be the only drive and boot off of that. If the
drive hasn’t been altered, then you may be able to log in with your old account
and access your encrypted files.
If it turns out you can access them then back them up. Now. More on that in
If not, things get much more complicated, and I’m not at all hopeful that
you’ll be able to recover. Have your boyfriend or a technician check out the
Microsoft information on the encrypting file
system, paying particular attention to the section on recovery. It’s highly
unlikely, but if the correct encryption keys can somehow be recovered there’s a
slim chance. A very slim chance.
The greater chance is that you’re SOL: Severely Out of Luck.
So why is that? What happened?
The key, both literally and figuratively, is that when files are encrypted
in Windows using the encrypting file system they use cryptographic keys that
are associated with the login account that created them. So if I’m logged into
my machine with a user account “Leo” and mark some files as encrypted, then
those files can only be decrypted when I’m logged into that “Leo” account.
The gut reaction when the login account disappears or is somehow
inaccessible is to create a new account with the same name. In other words if
my “Leo” login account disappeared, I’d just create a new account with the same name.
You can create the account with the same name, but it will not
be able to access the files encrypted under the previous account named “Leo”.
Even though they have the same name, they are still two different
accounts. The cryptographic information associated with each is different.
If the cryptographic information for the account that created an encrypted
file has been lost then there’s simply no way to recover the data.
I know that you used encryption on a lark, and that’s fine. Presumably this
has been an “interesting” lesson learned.
For those that really are looking to encrypt data, the problems that I’ve
described here are reasons that I never recommend using the encrypting file
system. It’s simply too easy to inadvertently lose your data. In my opinion it
also doesn’t really provide all the security you may think. Anyone can walk up
to your machine while you’re logged in and access your data, encrypted or not.
That may be enough and you may handle your physical security in such a way
that that’s not a risk, but it’s easily overlooked.
My recommendation is a tool like TrueCrypt. You can set up virtual drives containing encrypted data
that you use just like any other drive or filesystem. The encryption is tied
only to a password or passphrase – as long as you have that you can recover
your data, no matter what machine it’s on or where it’s located. TrueCrypt also
supports auto-dismount under various circumstances that can protect against the
walk-up access I mentioned above.
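The two models described above, encryption keyed to an account versus encryption keyed to a passphrase, can be shown side by side in a small program. This is an added illustration, not code from Ask Leo!, Windows or TrueCrypt: the "cipher" and "key wrap" are a stand-in built from HMAC-SHA256 so the example runs with Python's standard library, and the profile and volume dictionaries are invented stand-ins for the real on-disk structures. What it demonstrates is only where the key lives: a re-created account with the same name gets a fresh random key and cannot unwrap the old file key, while a passphrase-derived volume key can be rebuilt on any machine.

```python
import hashlib
import hmac
import os

# Added illustration, not code from Ask Leo! or from Windows/TrueCrypt. The
# cipher and key wrap below are a stand-in (HMAC-SHA256 keystream) chosen so the
# example runs with the standard library; the point is where the key lives.
PBKDF2_ITERATIONS = 100_000
KEY_CHECK_LABEL = b"key-check"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric stand-in cipher: XOR data with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[i * 32:(i + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def key_check(key: bytes) -> bytes:
    """Stored beside the ciphertext so a wrong key is detected instead of returning garbage."""
    return hmac.new(key, KEY_CHECK_LABEL, hashlib.sha256).digest()


# --- EFS-style model: the decryption key is a random secret living in the account profile ---

def new_account_profile(name: str) -> dict:
    # A fresh profile gets a fresh random private key even when the name is reused;
    # the name is just a label, not key material.
    return {"name": name, "private_key": os.urandom(32)}


def efs_encrypt(profile: dict, plaintext: bytes) -> dict:
    file_key = os.urandom(32)          # per-file key, wrapped under the account's key
    nonce = os.urandom(16)
    wrap_nonce = os.urandom(16)
    return {
        "nonce": nonce,
        "wrap_nonce": wrap_nonce,
        "wrapped_file_key": keystream_xor(profile["private_key"], wrap_nonce, file_key),
        "wrap_check": key_check(profile["private_key"]),
        "ciphertext": keystream_xor(file_key, nonce, plaintext),
    }


def efs_decrypt(profile: dict, blob: dict):
    """Returns the plaintext, or None if this profile's key cannot unwrap the file key."""
    if not hmac.compare_digest(key_check(profile["private_key"]), blob["wrap_check"]):
        return None
    file_key = keystream_xor(profile["private_key"], blob["wrap_nonce"], blob["wrapped_file_key"])
    return keystream_xor(file_key, blob["nonce"], blob["ciphertext"])


# --- Passphrase-volume model: the key is re-derived from the passphrase on any machine ---

def create_volume(passphrase: str, plaintext: bytes) -> dict:
    salt = os.urandom(16)
    nonce = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERATIONS, dklen=32)
    return {"salt": salt, "nonce": nonce, "check": key_check(key),
            "ciphertext": keystream_xor(key, nonce, plaintext)}


def open_volume(volume: dict, passphrase: str):
    """Only the passphrase and the volume's own header (salt, check) are needed."""
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), volume["salt"], PBKDF2_ITERATIONS, dklen=32)
    if not hmac.compare_digest(key_check(key), volume["check"]):
        return None
    return keystream_xor(key, volume["nonce"], volume["ciphertext"])


if __name__ == "__main__":
    leo = new_account_profile("Leo")
    blob = efs_encrypt(leo, b"my photos")
    print("original account:", efs_decrypt(leo, blob))
    same_name = new_account_profile("Leo")       # old profile gone, name re-created
    print("re-created account:", efs_decrypt(same_name, blob))   # None
    vol = create_volume("correct horse battery", b"my photos")
    print("volume opened elsewhere:", open_volume(vol, "correct horse battery"))
```

The per-file key in the first model is never stored in the clear; only a copy wrapped under the profile's private key is. Delete the profile and the wrapped copy is undecryptable, which is exactly the situation in the question. In the second model the header holds a salt and a key-check value but no secret, so the data survives a rebuilt machine as long as the passphrase does.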
If you do end up using the encrypting file system, make sure to understand
and follow the recommendations for backing
up the cryptographic keys. With those keys it should be possible to recover your data.
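As an added example of that key backup, not a procedure from the original answer or from Microsoft's documentation, the following commands use the built-in cipher.exe from a command prompt. It assumes the machine's cipher.exe supports the /x switch (present on Windows XP SP2 and later; older builds need the certificate export wizard in the Certificates console instead) and that you run it while logged in as the account that encrypted the files.

```bat
@echo off
rem Added example, not from the original Ask Leo! answer. Run as the account
rem that owns the encrypted files; assumes cipher.exe supports /x.

rem 1. List every EFS-encrypted file on local drives without touching their keys.
cipher /u /n

rem 2. Show encryption state for one folder: E = encrypted, U = unencrypted.
cipher "%USERPROFILE%\My Documents"

rem 3. Export this account's EFS certificate and private key.
rem    cipher /x prompts for a password to protect the export and writes
rem    efs-key-backup.pfx in the current directory.
cipher /x efs-key-backup

rem 4. Copy efs-key-backup.pfx off this machine and keep its password
rem    separately; without both, the export is useless for recovery.
```

If the profile is later lost, importing that .pfx into a new account (double-clicking it starts the certificate import wizard) gives the new account the private key needed to open the old files, which is the recovery the question above has no path to because no such backup exists.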
Lastly, and speaking of backup, all of this could have been a non-issue if
you had been backing up your data regularly. Imagine if your hard drive had
simply and irreparably died. Encrypted or not, all your data would be lost.
Unless, of course, you had a backup copy of it all.