Skepticals Sep 13, 2006   8:55 AM GMT

It was not part of a domain. Is there another way of recovering the files?

0 pointsBadges:

Secprotn Sep 13, 2006   11:13 AM GMT

If you are using EFS with certificates issued to the user from an internal CA, you should have defined key archival for the issued certifcates. If you did, the user's EFS key can be recovered from the CA and then imported to another computer. That computer would then have the saem access as the user that encrypted the file. When you look at the properties of the file under Details->Advanced, it will tell you the keys that can decrypt the file. Any of the keys listed could be used to decrypt

0 pointsBadges:

Skepticals Sep 13, 2006   11:19 AM GMT

secprotn, I can't even right click and goto properties on these files; the computer locks up for awhile. Do you think the files may be corrupt?

0 pointsBadges:

Mortree Sep 14, 2006   0:07 AM GMT

First question: Have considered that the file is simply corrupt? The second question is -- was the encryption done with XP EFS? If this encrytion was done with domain certificates you can try logging with the user domain account for automatic decryption. Might have to reset a pasword. Also an EFS file should have automatically decrypted when moving over the network to the file server and to the new client computer. So there may be the case that the file on the server might not even have been encrypted at that point. In any case look at older backup tapes for an uncorrupted copy. Or even the server recovery bin if it hasn't bee too long. In any case when moving it to its final destination, the user would have had to reencrypt the file manually or by copying it to a folder with encryption set. Chances are the encryption key is off the domain account or worst case on the current local machine. You can try the Recovery Agent process either of the Domain or the local machine. Note: If the file server is set for encryption by remote clients (Computer Trusted for Delegation unless it is WebDAV server), the file might might have been reencrypted. But I am pretty sure that uses Domain User account certificate info rather than local computer keys as could well have been the case before. Do you still have the user account? Well there is still the Domain Designated recovery agent procedure if you have a tape copy.

0 pointsBadges:

Mortree Sep 14, 2006   0:13 AM GMT

Oooh! on reading again -- yes corrupt. In fact you might want to do a checkdisk because it sounds like directory level problems. I originally thought you were talking lock up only with Excel...though I thought Excel would detect encryption and prompt you about it (provide acocunt with permissions). But on a bright note it sounds like your user had to rely on local encryption. Therefore the copy stored on file server is almost certainly unecrypted -- all assuming he was relying on EFS instead of some non-Microsoft solution like PGP. So go locate a backup tape or the Recycle Bin for that folder.

0 pointsBadges: