I don’t like Windows’ Encrypted File System (EFS), and Jeff’s story illustrates why. Although EFS provides what appears to be a convenient, completely transparent form of encryption, it can be trouble down the road.
EFS makes sense in a business, where IS professionals manage the computers and less savvy people use them. The users don’t even have to know that their data is encrypted (or even what the word encrypted means). They log into Windows and they can access their files. But if someone else logs in, or boots from a live Linux CD, or removes the hard drive, the files are inaccessible. And should it be necessary, IS knows how to get back those files.
But in a home environment, as Jeff discovered, EFS is just asking for trouble down the road.
So what should you do? If the old PC can boot Windows and work at all, put the drive back in, boot it, and transfer the files from there.
If not, did you create and export the certificate needed to decrypt the files–and did you save the certificate to a safe place not on that hard drive? If you did, and if you can find the certificate, you can access the files–even from another computer (assuming the computer is running Windows).
To do so, click Start (Start>Run in XP), type certmgr.msc and press ENTER. This opens the Certificate Manager. Click the Personal folder in the left pane. Then, from the menu, select Action>All Tasks>Import and follow the Certificate Import Wizard.
But if the old PC is utterly useless, you don’t have a certificate, and you don’t have an unencrypted backup, those files are gone. You can Google decrypt efs without certificate, but I doubt you’ll find a solution that works.
You may have noticed that I didn’t provide instructions for creating and exporting a certificate. That’s because, if you’re using EFS, I have better advice:
Stop using EFS. Instead, switch to TrueCrypt. It’s free, open-source, and dependable. No matter what computer you’re using it on, if you have the password, you can get in. Without the password, you never will.
I don’t recommend encrypting your entire drive with TrueCrypt, although that’s possible. Instead, create one or more encrypted file containers, and keep your sensitive files in them. Leave the rest of your data unencrypted.
Contributing Editor Lincoln Spector writes about technology and cinema. Email your tech questions to him at answer@pcworld.com, or post them to a community of helpful folks on the PCW Answer Line forum. Follow Lincoln on Twitter, or subscribe to the Answer Line newsletter, e-mailed weekly.