Here is the situation.
I have a client who took an encrypted file from their workstation and put it on a file server. They then copied the file to a new laptop. The old workstation has been formatted. The problem is, the Excel file that was encrypted locks up the computer anytime the user tries to open the file. Even if I right-click and go to properties, the computer locks up.
To my knowledge, only the user that encrypted the files can unencrypt them or open them. Is this the case? Is there a way around this?
If you are using EFS with certificates issued to the user from an internal CA, you should have defined key archival for the issued certificates. If you did, the user's EFS key can be recovered from the CA and then imported to another computer. That computer would then have the same access as the user that encrypted the file.
When you look at the properties of the file under Details->Advanced, it will tell you the keys that can decrypt the file. Any of the keys listed could be used to decrypt
First question: Have you considered that the file is simply corrupt?
The second question is -- was the encryption done with XP EFS?
If this encryption was done with domain certificates you can try logging in with the user domain account for automatic decryption. Might have to reset a password.
Also an EFS file should have automatically decrypted when moving over the network to the file server and to the new client computer. So there may be the case that the file on the server might not even have been encrypted at that point. In any case look at older backup tapes for an uncorrupted copy. Or even the server recovery bin if it hasn't been too long.
In any case when moving it to its final destination, the user would have had to reencrypt the file manually or by copying it to a folder with encryption set. Chances are the encryption key is off the domain account or worst case on the current local machine. You can try the Recovery Agent process either of the Domain or the local machine.
Note:
If the file server is set for encryption by remote clients (Computer Trusted for Delegation unless it is WebDAV server), the file might have been reencrypted. But I am pretty sure that uses Domain User account certificate info rather than local computer keys as could well have been the case before. Do you still have the user account? Well there is still the Domain Designated recovery agent procedure if you have a tape copy.
Oooh! on reading again -- yes corrupt. In fact you might want to do a checkdisk because it sounds like directory level problems. I originally thought you were talking lock up only with Excel...though I thought Excel would detect encryption and prompt you about it (provide account with permissions).
But on a bright note it sounds like your user had to rely on local encryption. Therefore the copy stored on file server is almost certainly unencrypted -- all assuming he was relying on EFS instead of some non-Microsoft solution like PGP.
So go locate a backup tape or the Recycle Bin for that folder.
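
The reply above about the file's properties listing the keys that can decrypt it can also be checked from a command line. The following PowerShell script is an added example, not code posted by anyone in the thread: it reads the thumbprints that `cipher /c` reports for a file and shows which of them have a private key in the current user's certificate store. It assumes English-locale `cipher` output; the `$Path` parameter and the output property names are illustrative.

```powershell
# Added example (not from the thread). Lists the certificate thumbprints that
# cipher.exe reports for an EFS-encrypted file and marks those whose private
# key is present in the current user's certificate store.
param(
    [Parameter(Mandatory)]
    [string]$Path   # assumption: path to the EFS-encrypted file to inspect
)

# cipher /c prints the users and recovery agents able to decrypt the file,
# each followed by a "Certificate thumbprint:" line.
$output = & cipher.exe /c $Path 2>&1 | ForEach-Object { $_.ToString() }

# Assumption: section headings as printed on an English-locale system.
$section = 'Unknown'
$entries = foreach ($line in $output) {
    if ($line -match 'Users who can decrypt') { $section = 'User'; continue }
    if ($line -match 'Recovery Certificates') { $section = 'RecoveryAgent'; continue }
    if ($line -match 'Certificate thumbprint:\s*(?<tp>[0-9A-Fa-f ]+)') {
        [pscustomobject]@{
            Role       = $section
            Thumbprint = ($Matches.tp -replace '\s', '').ToUpperInvariant()
        }
    }
}

if (-not $entries) {
    Write-Warning "No certificate thumbprints reported for $Path (not EFS-encrypted, or unreadable)."
    return
}

# Certificates in the personal store that still have a private key on this machine.
$local = Get-ChildItem Cert:\CurrentUser\My | Where-Object HasPrivateKey

foreach ($e in $entries) {
    $match = $local | Where-Object Thumbprint -eq $e.Thumbprint
    [pscustomobject]@{
        Role           = $e.Role
        Thumbprint     = $e.Thumbprint
        PrivateKeyHere = [bool]$match
        Subject        = if ($match) { $match.Subject } else { $null }
    }
}
```

A row with `PrivateKeyHere` set to `False` for every thumbprint means the logged-on account cannot decrypt the file on this machine; the matching key would have to be imported from key archival or a recovery agent first.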