Problem

You need to recover and/or decrypt a file that was encrypted using Windows XP's encrypted file system (EFS) technology.

Solution

Using a graphical user interface

You must be a designated recovery agent to decrypt a file. To view the recovery agents for an object:

To decrypt a file or folder, follow these steps:

Using a command-line interface

To decrypt a folder, use the following command:

> cipher /d <Foldername>

To decrypt a single file within a directory, use the following command:

> cipher /d /a <Filename>

To decrypt a single file for which you are the recovery agent, use the following command:

> cipher /u /a <Filename>

Discussion

It can be somewhat disconcerting that, in an emergency or recovery situation, encrypted files can be decrypted by someone other than the user who encrypted the file originally. This is actually a feature, and it really is quite secure. When they are created, designated user accounts, called recovery agent accounts, are issued recovery agent certificates with public keys and private keys. These are used for EFS data recovery operations. The Windows user accounts that function as recovery agent accounts can be designated by a GPO or a local security policy object (under Security Settings\Public Key Policies\Encrypting File System), depending on the machine's participation in a domain. By default, they are the highest-level administrator accounts available. Depending on the network environment of a particular machine, this is either the local administrator or the domain administrator for the first domain controller installed in the domain.

The private key from the appropriate agent certificate must be located on the computer where recovery operations are to be conducted. When a recovery agent certificate is issued, the certificate and private key are installed in the user profile for the user account that requested the certificate. An EFS file can contain more than one recovery agent account, and each EFS file can have a different private key. However, data recovery discloses only the encrypted data, not the user's private key or any other private keys for recovery. This ensures that no other private information is revealed to the recovery agent administrator unintentionally.

See Also

MS KB 255742, "Methods for Recovering Encrypted Files," and MS KB 308993, "How to Remove Encryption in Windows XP"
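The following PowerShell script is an added example, not code from the book. It ties the Discussion's precondition (the recovery agent's private key must be present on the machine doing the recovery) to the command-line procedure above: it first looks in the current user's personal certificate store for a certificate carrying the File Recovery enhanced key usage (OID 1.3.6.1.4.1.311.10.3.4.1) together with its private key, then walks a folder, runs cipher /d /a on every file that still carries the Encrypted attribute, and re-reads the attribute to confirm each decryption actually succeeded. The folder path, the $Root parameter name and the Test-RecoveryAgentKey function name are this example's own assumptions; it uses only the PowerShell 2.0 cmdlets available on Windows XP.

```powershell
# Added example (not from the book): check for a usable EFS recovery agent
# key, then decrypt and verify files under a folder with cipher.exe.
param(
    # Placeholder path, constructed for this example.
    [string]$Root = 'C:\Data\ToRecover'
)

# EFS "File Recovery" enhanced key usage OID, as stamped on recovery agent certificates.
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'

function Test-RecoveryAgentKey {
    # Returns $true when the current user's store holds a File Recovery
    # certificate whose private key is installed in this profile.
    $certs = Get-ChildItem -Path Cert:\CurrentUser\My
    foreach ($cert in $certs) {
        $eku = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        if ($eku -eq $null) { continue }
        $isRecovery = $eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $FileRecoveryOid }
        if ($isRecovery -and $cert.HasPrivateKey) {
            Write-Output ("Recovery agent key present: " + $cert.Subject)
            return $true
        }
    }
    return $false
}

function Test-IsEncrypted([string]$Path) {
    # The Encrypted file attribute is what cipher.exe sets and clears.
    $attr = (Get-Item -LiteralPath $Path).Attributes
    return (($attr -band [IO.FileAttributes]::Encrypted) -ne 0)
}

if (-not (Test-RecoveryAgentKey)) {
    Write-Warning "No File Recovery certificate with a private key in Cert:\CurrentUser\My; only the original owner's key can decrypt."
}

# PSIsContainer filter instead of -File so the script runs under PowerShell 2.0.
$files = Get-ChildItem -Path $Root -Recurse |
    Where-Object { -not $_.PSIsContainer } |
    Where-Object { Test-IsEncrypted $_.FullName }

foreach ($f in $files) {
    # /d decrypts; /a makes cipher operate on the named file rather than its folder,
    # matching the recipe's per-file form.
    & cipher.exe /d /a $f.FullName | Out-Null
    if (Test-IsEncrypted $f.FullName) {
        Write-Warning ("Still encrypted (no usable key for this file?): " + $f.FullName)
    } else {
        Write-Output ("Decrypted: " + $f.FullName)
    }
}
```

Re-checking the attribute after each cipher call matters because cipher reports per-file failures in its console output only; a file whose data decryption field lists neither the current user nor a recovery agent whose key is installed locally stays encrypted, and the attribute check surfaces exactly those files for follow-up on a machine that does hold the right key.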