By Mark Joseph Edwards
Protecting your privacy isn’t always easy — or cheap.
Recover files encrypted with Windows EFS
On Windows 2000 and newer operating systems, Microsoft provides a built-in way of encrypting files and folders, called the Encrypting File System (EFS). But you have to be careful when using it. Otherwise, you might find yourself unable to access your encrypted data.
Reader Randy Brook might have this problem soon, if he doesn’t take precautions:
- "A power failure fried my old motherboard. My hard drive, which runs Windows XP Pro, has some large encrypted folders that weren’t hurt. However, because my machine is old, I’ll probably get a new one. I likely will not be able to boot up with the old drive.
I fear that even if I set up the new machine with the same logon name and password, the encryption code will be different and I won’t be able to recover my data. Am I correct? If so, this is a tremendous risk in using MS’ built-in encryption, as opposed to PGP or something similar. I don’t remember XP giving me any warning of this when I started using encryption folders."
To guard against losing the certificate, you can create a data recovery agent (DRA), as explained at Microsoft TechNet. The DRA can be used to recover files encrypted by you or another user, in the event of an emergency.
If you haven’t created a data recovery agent, you might find yourself out of luck if you reinstall the operating system. The reason, as Randy suspected, is that the encryption certificate will be changed during the installation process — even if you use the same username and password.
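One way to take both precautions before a reinstall, backing up your own EFS keys and generating a recovery agent key pair, is sketched below. This is an added example, not part of the original article; it assumes Windows 8 / Server 2012 or later (for Export-PfxCertificate), and the backup path is a hypothetical placeholder.

```powershell
# Added example: back up the current user's EFS keys and create a DRA key pair.
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage
$BackupDir = 'E:\efs-backup'            # hypothetical offline/removable location

function Test-EfsCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] -and
            $ext.EnhancedKeyUsages.Value -contains $EfsOid) { return $true }
    }
    return $false
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { Test-EfsCertificate $_ })
if ($efsCerts.Count -eq 0) {
    Write-Warning 'No EFS certificate in the personal store; nothing to back up.'
} else {
    $password = Read-Host -AsSecureString 'Password to protect the exported keys'
    foreach ($cert in $efsCerts) {
        if (-not $cert.HasPrivateKey) {
            # Without the private key this profile cannot decrypt files tied to the certificate.
            Write-Warning "$($cert.Thumbprint): certificate present but private key missing"
            continue
        }
        $pfx = Join-Path $BackupDir "efs-$($cert.Thumbprint).pfx"
        # Fails if the key was created as non-exportable.
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $password | Out-Null
        Write-Output "Exported $($cert.Subject) (expires $($cert.NotAfter)) to $pfx"
    }
}

# Generate a recovery agent certificate (dra.cer) and key (dra.pfx); cipher prompts for a password.
cipher "/r:$BackupDir\dra"

# Next steps (manual): add dra.cer under Public Key Policies > Encrypting File System
# in the local or domain security policy, then run `cipher /u` so files that are
# already encrypted pick up the new recovery agent. `cipher /c <file>` lists the
# users and recovery certificates that can decrypt a given file.
```

Store the resulting .pfx files off the machine; on older systems without Export-PfxCertificate, the built-in `cipher /x` command performs the same key backup.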