Decrypting EFS Encrypted Files


We have a user who "magically" encrypted a lot of files on our main file share using EFS, and I'm struggling to decrypt these files.

What is happening is that on every single file I'm getting an "access denied" message when attempting to decrypt the file - I've taken ownership and assigned administrator (my user) full control.

Steps I've taken:

  1. Logged on as the user, onto their PC, and tried to decrypt that way - no joy
  2. Logged onto the user's PC as administrator - same issue
  3. Looked at exporting the recovery key present on every file, exported the PFX, imported it (checked thumbprints match), still the access denied message - tried on our DC and our main file server

I'm running out of ideas; any advice on where to go from here would be appreciated.

P.S. Backups unfortunately aren't an option, as the issue wasn't noticed until around 3 weeks after the fact that things were encrypted.

Hi,

Here is the main success scenario for EFS decryption:

  1. Trigger: The file owner requests to decrypt an encrypted file using the admin tool.

  2. The admin tool requests the admin client to establish a communication channel to the EFS service of the storage services protocols.

  3. The admin client contacts the EFS service to query information about the keys used to encrypt the file using the EfsRpcFileKeyInfo method, described in [MS-EFSR] section 3.1.4.2.12.

  4. The EFS service responds with the required keys information.

  5. The admin client contacts the EFS service to decrypt the file using the EfsRpcDecryptFileSrv method, described in [MS-EFSR] section 3.1.4.2.6.

  6. The EFS service decrypts the requested file.

Please make sure of the preconditions:

  1. The file owner user has identified the encrypted file that is required to be decrypted.

  2. The file owner user has the required EFS certificates.

  3. The EFS service is running (server side).


Best regards,
cartman
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
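
One way to check preconditions 2 and 3 from the reply above, as an added example that is not part of the original thread: it compares the certificate thumbprints stored on an encrypted file with the certificates in the current user's Personal store and reports whether each one has a private key. It assumes English `cipher /c` output, the service name `EFS` (Windows 7 / Server 2008 R2 and later), and that it is run as the account attempting the decryption; the script name and the `-Path` parameter are hypothetical.

```powershell
# Test-EfsPreconditions.ps1 (hypothetical name; added example, not from the thread)
param(
    [Parameter(Mandatory)]
    [string] $Path    # one EFS-encrypted file to inspect
)

# Precondition 3: the EFS service must be running where decryption happens.
# Assumption: the service is named "EFS" on this Windows version.
$svc = Get-Service -Name EFS
"EFS service status: $($svc.Status)"

# cipher /c lists the certificates that can decrypt the file
# ("Users who can decrypt" and "Recovery Certificates").
$cipherOut = & cipher.exe /c $Path

# Assumption: thumbprints appear as "Certificate thumbprint: XXXX XXXX ..."
# in English output. Strip the spaces so they match certificate store format.
$fileThumbs = foreach ($line in $cipherOut) {
    if ($line -match 'thumbprint:\s*([0-9A-Fa-f ]+)') {
        ($Matches[1] -replace '\s', '').ToUpper()
    }
}
$fileThumbs = @($fileThumbs | Sort-Object -Unique)

if ($fileThumbs.Count -eq 0) {
    Write-Warning "No thumbprints parsed from cipher /c output for $Path"
    return
}

# Precondition 2: a matching thumbprint is not enough. Decryption needs the
# private key for that certificate in the store of the user doing the decrypt.
foreach ($thumb in $fileThumbs) {
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $thumb }

    [pscustomobject]@{
        Thumbprint    = $thumb
        InUserStore   = [bool]$cert
        HasPrivateKey = [bool]($cert | Where-Object { $_.HasPrivateKey })
        NotAfter      = $cert.NotAfter
    }
}
```

A row with `InUserStore` true but `HasPrivateKey` false means the certificate was imported without its key (for example from a `.cer` rather than a `.pfx`), in which case the thumbprints match and decryption is still refused.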


