Today’s user guide is designed to help you when you receive a windows error about recovering an encrypted file system.

Import your certificate to your computer. In Windows Explorer, right-click on a file or encrypted file and select Properties. Click the Advanced button. Clear the Encrypt content returned as protected data check box and click OK.

This article explains how to return the Agent Recovery Encrypting File System (EFS) private key to your computer.

Applies to: Windows 7 SP1, Windows Server 2012 R2
Original KB Number: 241201


How can you recover a file encrypted using EFS?

To recover files and versions from an encrypted volume, launch EFS Recovery and enter the volume’s recovery key. If the keyh matches, the real product will automatically scan the BitLocker volume to find all recoverable data and folders, and to detect and repair computer file system errors if this option is selected.

Use the recovery agent’s private key to restore the guide in situations where the copy containing the EFS private key, which may be on the local computer, may be lost. This article containsinformation on how to use the Certificate Export Wizard to export the Recovery Broker private key from a computer that experts believe is a member of a Windows Server 2003-based workgroup, Windows 2000-based Windows Server 2008-based, also known as a domain controller on based on Windows Server 2008 R2.


This article describes how to generate a private key for the Recovery Agent Encrypting File System (EFS) on Windows Server 2003, Windows 2000, Windows XP, Windows Vista, Windows 7, Windows Server 2008, and therefore on Windows Server 2008 R2 . You can use the recovery agent’s private key to recover data in cases where the copy of the EFS private key located on the local computer is lost.

Sometimes you may want to encrypt your data folders with EFS to prevent unauthorized access. EFS allows you to use a dynamically generated encryption key to encrypt a file. The File Encryption Key (FEK) is password protected, the EFS public key is appended to the file and is an EFS attribute called the Data Decryption Field (DDF). To decipher the FEK I would say,that you need to have the corresponding EFS private key from the actual private public key pair. If you need to decrypt the FEK, you can use the FEK type to decrypt the file.

If this EFS private key is lost, users can directly use the recovery agent to recover encrypted files. Each time a file is encrypted, the FEK is also encrypted using the agent’s public recovery key. The encrypted FEK is attached to the file using the encrypted copy and your EFS public key in this data recovery field (DRF). If buyers use the recovery agent’s private master factor, they can decrypt the FEK, not to mention the decryption file.

By default, if a computer running Microsoft Windows 2000 Professional is a member of workgroup a or the newest member of a Microsoft Windows NT 4.0 domain, the local administrator that the user logs on to first is assigned as the administrator. default tool. If r. C using Windows XP and/or Windows 2000 is a member using a Windows Server 2003 domain or domainWindows 2000, any built-in administrator account on the first Arena controller in the domain is listed as the default recovery agent.

A laptop running Windows XP, and therefore a member of a workgroup, does not actually have a recovery agent. You must create a local recovery agent on your sites.

Export The Recovery Agent Private Key From A Huge Workgroup Machine

To export the Recovery Broker private key from a computer that experts believe is part of a large workgroup, do the following:

  1. Log in to your computer with a local Recovery Broker user account.

  2. Click Start, Run, type mmc and click OK.

  3. On the File menu, choose Add/Remove Snap-in. Then, on Windows Server 2003, Windows XP, or Windows 2000, click Add. Or click OK in Windows Vista, Windows 7, Server Windows 2008, or Server Windows 2008 R2.

  4. windows encrypted file system recovery

    Under Available standalone snap-ins, clickCertificates, then click Add.

  5. Click My Account, Users, then clickclickDone.

  6. Click Close and then click OK in Windows Server 2003, Windows XP, and/or Windows 2000. Or click OK in Windows Vista, Windows Multiple, Server Windows 2008, or Server Windows 2008 R2.

  7. Double-click Certificates – Current User, double-click Personal, then double-click in this caseCertificates.

  8. Find a certificate that has the exact words “File Recovery” in the “Purpose” column of the “Purposes” column (no notes).

  9. Right-click on the certificate you found in step 8, select Everyone and Tasks, and click Export. Certificate Export Launcher.

  10. Click “Next”.

  11. Click Yes, change the private key, then click Next.

  12. Click Personal Information Exchange – PKCS #12 (.PFX).


    We strongly recommend that you also click onSelect the Select Normal Security (requires IE 5.0, NT 4.0 SP4 or later) check box if you want to protect your private key from unauthorized access.

    If you select the specific checkbox “Remove the private key after every successful expo “ta”, the person’s private key will be deleted from the computer, and you will no longer be able to decrypt protected files.

  13. Click Next.

  14. Enter password, then visitor Next.

  15. windows encrypted file system recovery

    Specify the filename and location where you want to export each certificate and private key, this time, and click on it.Next.


    How can I recover EFS encrypted files without key?

    Right click the folder or file, then look at the properties.Click on the “General” tab and then on “Advanced”.Clear the Encrypt contents in protected data check box.When decrypting versions, select the Apply Changes option so that you can use this folder, its subfolders, and files.Click OK, then OK again to close the window.

    We recommend that you transfer the file back to your computer or removable media, and then store the backup in a designated location where you can provide physical security for the shared backup.

    How do I recover my EFS key?

    In order to decrypt the FEK, individuals must have the corresponding personalized EFS key from a set of public and private keys. Once the FEK is decrypted, your organization can use the FEK to decrypt the file. If your EFS private key is lost, you can use a recovery agent to recover protected files.

    Самый простой способ восстановить зашифрованное восстановление файловой системы Windows
    De Eenvoudigste Manier Om Gecodeerd Windows-bestandssysteemherstel Te Herstellen
    Il Modo Più Semplice Per Ripristinare Il Ripristino Del File System Di Windows Crittografato
    Der Einfachste Weg Zur Wiederherstellung Des Verschlüsselten Windows-Dateisystems
    암호화된 Windows 파일 시스템 복구를 복원하는 가장 쉬운 방법
    Det Enklaste Sättet Att återställa Krypterad Windows-filsystemåterställning
    Najłatwiejszy Sposób Na Przywrócenie Zaszyfrowanego Odzyskiwania Systemu Plików Windows
    La Forma Más Fácil De Restaurar La Recuperación Del Sistema De Archivos Cifrados De Windows
    A Maneira Mais Fácil De Restaurar A Recuperação Do Sistema De Arquivos Criptografado Do Windows