New
#1
EFS Encryption nightmare (new certificate removing old private keys?)
I'm working on my sister's computer (Windows 7 Pro x64) for her (I'm not a professional IT tech in any sense of the word, she just asked for help because I've been able to fix stuff for her before), she has a very weird problem that I'm very concerned is unfixable and would really, really appreciate any help with.
So, when she bought the computer a few years ago, she was told from someone at the store all about Windows 7 encryption service, and how easy and effective it was. She had some files on the computer she considered really important (she said it's for her art which she does as a part-time job) that she didn't want to lose in case of hacking/whatever so she encrypted them. So far as she can remember, she never backed up the key (and, of course, no backups in general).
A few days ago, she got a notification in the system tray talking about encryption and that she should backup the certificate. She said that she went through it and it ended up exporting a .pfx key file, which I have found on the computer. The problem is, immediately after this happened, all of her encrypted files no longer gave her access. Going into certmgr.msc, I'm seeing that she has not one but three certificates for encryption, one dating from when she first set it up after buying, the others from a few days ago when she had the problem/followed the menu. Unless I'm misunderstanding something, it looks like she set up a new certificate when she went through the system tray notification and that somehow removed the function of the previous "actual" certificate all her files have. My hope was that I could just get a private key for the "actual" certificate and decrypt everything, but when going to export them the private key option is greyed out in the wizard.
I've been working on this for quite a while now and would really like to get some results as my sister is extremely upset. I've tried the command line prompts outlined here (Cleaning up the Mess Left Behind by Multiple EFS Certificates • Helge Klein) and have tried the trial version of Advanced EFS Data Recovery but it just has a Not Responding crash on the decrypting key section (which is extremely frustrating, as I have the user password and was hoping that would be a potential fix). I've also tried system restore to a point before any certificates were made, but I get a (0x80070005) error (there's no antivirus, and I've tried in safe mode).
I'm writing this more than a little sleep deprived, so if anything doesn't make sense but you think you can help please just ask.