Decrypting Windows XP encrypted files from an old disk

0

I had an old Windows XP machine with an encrypted directory. When moving to a new Win7 machine I connected the old disk as a slave in the new machine, and hence cannot access the encrypted files.

Chances don't seem good as documentation warns you: "Do not Delete or Rename a User's account from which will want to Recover the Encrypted Files. You will not be able to de-crypt the files using the steps outlined above."

On the other hand, I have full access to the machine, so maybe there's a utility which can extract the keys and use the to decrypt the files... BTW, I didn't have a password in the old machine, if it's relevant.

Ideas, anyone? Thanks!

Uri Cohen

Posted 2011-02-05T14:02:21.440

Reputation: 63

Answers

1

It shouldn't be that hard if you have access to the old machine. Full guide here MSKB:887414.

If you have full access to the old machine, log in as the user who encrypted the files, export the key and import it in to your new machine, restart and you should be able to access all encrypted files.

William Hilsum

Posted 2011-02-05T14:02:21.440

Reputation: 111 572

Thanks! So I must boot from the old disk? It is likely not to work, the old OS will wake up in completely new HW. Perhaps there's a way to avoid that? – Uri Cohen – 2011-02-05T14:13:35.533

It should work. The old disk will just discover "new" hardware and will do its best to install the corresponding necessary driver (there's no fundamental difference if you had "added" new hw one by one to your old pc. All indispensable hw devices (screen, kbd, bridges, disks) are likely to be discovered, identified and installed without problems. – Alain Pannetier – 2011-02-05T14:19:21.940

Sorry, I mis understood what you meant by having full access to the machine. I am not aware / never tried an offline recovery of the key files, but there must be a way. Just found this page - you may want to read... http://www.beginningtoseethelight.org/efsrecovery/

– William Hilsum – 2011-02-05T14:21:06.147

@Alain Pannetier - Unless a Sysprep /genralise was done, it is unlikely to work if any critical hardware component has changed. – William Hilsum – 2011-02-05T14:22:58.077

We're saying the same thing. I had to do it at least twice and all major HW components were recognised (disks, cds, usb, kbd, screens basic interfaces being really standard). Of course they were a number of question marks in the device manager explorer. That's largely enough to boot and export the encryption key. – Alain Pannetier – 2011-02-05T14:45:14.087

Asked: 2011-02-05T14:02:21.440

Viewed: 2 367 times

Active: 2015-10-07T08:28:34.473