Recipe 19.11. Recovering and Decrypting an Encrypted File or Folder


Problem

You need to recover and/or decrypt a file that was encrypted using Windows XP's encrypted file system (EFS) technology.

Solution

Using a graphical user interface

You must be a designated recovery agent to decrypt a file. To view the recovery agents for an object:

  1. Log in as the owner of the encrypted object.

  2. Right-click the object and select Properties.

  3. Click the Advanced button, which opens the Advanced Attributes dialog box.

  4. Click the Details button to bring up the Encryption Details box.

  5. The recovery agents for the specified object are listed in the bottom box.

To decrypt a file or folder, follow these steps:

  1. Right-click the file or folder to decrypt, and then select Properties.

  2. Navigate to the General tab, and then click the Advanced button.

  3. Uncheck the Encrypt contents to secure data checkbox, and then click OK.

Using a command-line interface

To decrypt a folder, use the following command:

> cipher /d <Foldername>

To decrypt a single file within a directory, use the following command:

> cipher /d /a <Filename>

To decrypt a single file for which you are the recovery agent, use the following command:

> cipher /u /a <Filename>
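As an added example (not from the cookbook), the following PowerShell script walks a folder tree, reports every file carrying the EFS Encrypted attribute, and, when asked, decrypts each one with the cipher /d /a command above and re-reads the attribute afterwards, so files your key cannot open are reported rather than silently left encrypted. It assumes PowerShell is installed on the Windows XP machine and that you hold either the owner's EFS key or a listed recovery agent's private key; the $Root and -Decrypt parameters are this example's own.

```powershell
# Added example, not cookbook code: audit a tree for EFS-encrypted files and
# optionally decrypt them with "cipher /d /a", verifying each result.
# Assumes PowerShell is installed on the XP host; $Root and -Decrypt are
# names chosen for this example.
param(
    [Parameter(Mandatory = $true)][string]$Root,
    [switch]$Decrypt          # without this switch the script only reports
)

$encrypted = [System.IO.FileAttributes]::Encrypted

# Collect every file under $Root whose Encrypted attribute bit is set.
# @() keeps $targets an array even when only one file matches (PowerShell 2).
$targets = @(Get-ChildItem -Path $Root -Recurse -Force |
    Where-Object { -not $_.PSIsContainer -and (($_.Attributes -band $encrypted) -ne 0) })

if ($targets.Count -eq 0) { Write-Host "No EFS-encrypted files under $Root"; return }

Write-Host ("{0} encrypted file(s) found under {1}" -f $targets.Count, $Root)
$targets | ForEach-Object { Write-Host "  $($_.FullName)" }

if (-not $Decrypt) { return }

$failed = @()
foreach ($file in $targets) {
    # cipher /d /a decrypts a single file, as in the recipe above.
    & cipher.exe /d /a $file.FullName | Out-Null

    # Re-read the attributes: if the bit is still set, the caller's key could
    # not decrypt this file (not the owner, not a listed recovery agent, or the
    # agent's private key is not installed in this user profile).
    $after = (Get-Item -LiteralPath $file.FullName -Force).Attributes
    if (($after -band $encrypted) -ne 0) { $failed += $file.FullName }
}

if ($failed.Count -gt 0) {
    Write-Warning ("{0} file(s) could not be decrypted:" -f $failed.Count)
    $failed | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Host "All listed files decrypted."
}
```

Run it once without -Decrypt to see what would be touched; only the files whose Encrypted bit is still set after the run need a recovery agent's key.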

Discussion

It can be somewhat disconcerting that, in an emergency or recovery situation, encrypted files can be decrypted by someone other than the user who encrypted the file originally. This is actually a feature, and it really is quite secure. Designated user accounts, called recovery agent accounts, are issued recovery agent certificates, each with a public key and a private key, when they are created. These are used for EFS data recovery operations. The Windows user accounts that function as recovery agent accounts can be designated by a GPO or a local security policy object (under Security Settings\Public Key Policies\Encrypting File System), depending on the machine's participation in a domain. By default, they are the highest-level administrator accounts available. Depending on the network environment of a particular machine, this is either the local administrator or the domain administrator for the first domain controller installed in the domain. The private key from the appropriate agent certificate must be located on the computer where recovery operations are to be conducted.

When a recovery agent certificate is issued, the certificate and private key are installed in the user profile for the user account that requested the certificate. An EFS file can contain more than one recovery agent account, and each EFS file can have a different private key. However, data recovery discloses only the encrypted data, not the user's private key or any other private keys for recovery. This ensures that no other private information is revealed to the recovery agent administrator unintentionally.

See Also

MS KB 255742, "Methods for Recovering Encrypted Files," and MS KB 308993, "How to Remove Encryption in Windows XP"



Windows XP Cookbook
ISBN: 0596007256
Year: 2006
Pages: 408
