Hi all,
Before I start. This is not your usual "I was careless and didn't back up my certificates" type thread. I consider myself a fairly disciplined user having worked with Windows EFS for a while and trusted it immensely (well not any more!). I haven't changed any passwords, machines or lost my certs.
So the background, I had about 40 GBs of Windows encrypted files on my C: drive. The files are mostly 2 - 4GB each. As I needed to install a new program that required the space, I temporarily moved them to my external hard drive which just happened to be BitLocker enabled.
The copy was fine and the files arrived on the other side as encrypted. However, something then possessed me to decrypt them (perfectly normal, but in hindsight I didn't need to). Windows brought up the progress indicator and told me it would take about 20 hours! Strange, I thought, it normally takes 15 minutes tops for that many files (could this be due to BitLocker?). So I waited an hour hoping to see a reduction on the original estimate. It didn't and stayed at 20 hours. Sensing a problem, I hit cancel and then waited another hour while nothing happened. I had to unplug my laptop and leave the hotel so just shut down the machine.
When I next powered up the machine, I realised that although the files were showing as being encrypted (green) I could not move them back: "Access denied". I've reset NTFS permissions, tried to take ownership (all of which are successful) but the file cannot be moved or copied back to its original location and neither can I read it. Although strangely, I am allowed to rename the files still.
I enabled the showing of all system files and noticed the EFS.tmp files left behind. The existence of these should be proof that any decryption changes should not have been committed to my actual files as they are only deleted once changes have been successfully applied, however my files have still been manipulated despite decryption failing. So it looks like interrupting the decryption process has rendered them totally useless. I've interrupted things like that in the past but this is the first time I've done it on a BitLocker enabled drive.
So where to from here?
There is no avenue for me to explore. I have the encryption keys but the files are behaving like I don't have any NTFS permissions to them.
Thanks for any suggestions you might have.