Lost permission to access file in D partition after reinstalling OS


  1. Posts : 18,424
    Windows 11 Pro
       #11

    MaloK said:
    Ok, Copy that, I'm doing a test now.

    I found this interesting article.

    Decrypt EFS-encrypted files without a cert backup

    I'm going to give it a try after the encryption finishes.
    Yes, that might work if those files can be found in Windows.old!

    Don't forget windows.old automatically deletes in 10 days unless the user changes it.


  2. Posts : 2,800
    Windows 7 Pro
       #12

    That seems a little bit harder than expected, lol...

    I completely lost it at step 5, have to retry.

    I think I'm going to boot a PE to copy the needed files; there is something that did not work or did something wrong when trying to decrypt the master key. The process reported that the LSA hash dump type reveals that the key received was in an unexpected format...

    Edit:

    Was able to sort it out...

    The only thing I had to "remember" was my password used when encrypting the files.

    Since this is not about cracking but file recovery I left that aside and used the /password: command in step 4 and...

    The guide works flawlessly.

    Once the certificate is installed, the new machine is able to copy files from the encrypted folder without problems.
    Last edited by MaloK; 19 Mar 2022 at 15:18.


  3. Posts : 88
    Windows 10 21H2
    Thread Starter
       #13

    NavyLCDR said:
    The files are encrypted at the folder and file level which has nothing to do with Bitlocker. Chasing a Bitlocker solution is going down a rabbit hole.

    The only way to decrypt the files, if you don't work for the federal government, would be to restore the PKI certificate that was backed up by the user who encrypted the files. Taking ownership of the file won't help either.

    That's exactly what I want to say, because I already included in my first post that I did try both the take-ownership approach and running the command "cipher /d ...", and neither of them worked.
    I have a windows.old folder with my old user and it contains an encryption-related file at %USERPROFILE%\AppData\Roaming\Microsoft\SystemCertificates\. I tried to copy those from windows.old\users to my current users, and the certmgr.msc tool does show some information about the certifications.

    It makes sense that the decryption still failed because it needs some kind of private key, which is connected to the old user and its password, and that's why the backup certificate created from the old user is the only way. Unfortunately, I can't restore to the previous Windows version. It doesn't show up in my Settings > Update and Recovery. I just have the windows.old folder.
    @MaloK mentions an article about decrypting without the certificate backup. What do you think about this approach?

    - - - Updated - - -

    MaloK said:
    That seems a little bit harder than expected, lol...

    Was able to sort it out...

    The only thing I had to "remember" was my password used when encrypting the files.

    Since this is not about cracking but file recovery I left that aside and used the /password: command in step 4 and...

    The guide works flawlessly.

    Once the certificate is installed, the new machine is able to copy files from the encrypted folder without problems.
    Awesome, I will try now. My user account is an online account, so which password do I need (offline password, PIN or Microsoft account)?


  4. Posts : 2,800
    Windows 7 Pro
       #14

    It would be the account password used to log in to Windows. If the password is incorrect the command will fail with an error message.


  5. Posts : 88
    Windows 10 21H2
    Thread Starter
       #15

    MaloK said:
    It would be the account password used to log in to Windows. If the password is incorrect the command will fail with an error message.
    Following your guide, I failed at 2 steps:
    Step 1: I could retrieve the certificate thumbprint, but it didn't match the only file that I have in the SystemCertificates folder.
    Step 5: I couldn't decrypt my master key, though I typed the correct password (anything that I could use to sign in on the old user).
    I decided to stop since there is something wrong from step 1. I only have 1 key in the SystemCertificates folder and it didn't match the one from my encrypted files. However, your guide is pretty useful for other users, so I will mark it solved with that solution.

    Thank you, all of you guys, for helping me troubleshoot this hard problem, with not only common advice that I can find on the internet, but also the real solution that explained what happened in the most practical way.
    Thank you once again.
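
The thumbprint comparison that post #15 describes at step 1, as an added PowerShell example that is not part of the thread or the linked guide: it reads the thumbprint that `cipher /c` reports for an encrypted file and checks whether a certificate file of that name exists in the old profile's SystemCertificates store. The two default paths, the `My\Certificates` subfolder and English-language cipher output are assumptions.

```powershell
# Added example (not from the thread). Both default paths are hypothetical placeholders.
param(
    [string]$EncryptedFile = 'D:\Data\example.docx',
    [string]$OldProfile    = 'C:\Windows.old\Users\OldUser'
)

# Pull every "Certificate thumbprint:" value out of `cipher /c` output.
# Assumes English-language cipher.exe output; spaces between hex groups are removed.
function Get-EfsThumbprint {
    param([string[]]$CipherOutput)
    foreach ($line in $CipherOutput) {
        if ($line -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            ($Matches[1] -replace '\s', '').ToUpperInvariant()
        }
    }
}

# Certificate files in a profile's personal store are named after the thumbprint.
# -Force is needed because these files are normally hidden.
function Get-ProfileCertThumbprint {
    param([string]$ProfilePath)
    $dir = Join-Path $ProfilePath 'AppData\Roaming\Microsoft\SystemCertificates\My\Certificates'
    if (-not (Test-Path -LiteralPath $dir)) { return @() }
    Get-ChildItem -LiteralPath $dir -File -Force |
        ForEach-Object { $_.Name.ToUpperInvariant() }
}

$onFile    = @(Get-EfsThumbprint -CipherOutput (& cipher.exe /c $EncryptedFile))
$inProfile = @(Get-ProfileCertThumbprint -ProfilePath $OldProfile)

if ($onFile.Count -eq 0) {
    Write-Warning 'No thumbprint found: the file is not EFS-encrypted or the cipher output was not parsed.'
}

# One row per certificate that can decrypt the file, with a match flag.
foreach ($tp in $onFile) {
    [pscustomobject]@{
        File           = $EncryptedFile
        Thumbprint     = $tp
        FoundInProfile = $inProfile -contains $tp
    }
}
```

A `FoundInProfile` value of `False` means the certificate that encrypted the file is not in that profile's store, which is the mismatch described in post #15.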


  6. Posts : 2,800
    Windows 7 Pro
       #16

    If you want to, you can PM me the files required and your password; I can try to make a certificate for you.

    I say that, but I don't really know how important the files you are going to lose are for you... If it's all stuff that you can gather back with time, and nothing really important is at stake, just delete all partitions on it and reformat to be usable.

    Edit, as a side note: I had to try with a couple of files for step 1 to succeed. Some files were not working. Don't know why.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

All times are GMT -5.