Forum Discussion

Justn's avatar
Justn
Copper Contributor
Oct 17, 2019

EFS Files On domain Profile windows 10

Hi I am facing some issues related to EFs encryption files, I removed a domain profile entry from Regedit and Renamed User name Folder On windows 10. After login new profile created “same user”. The...
Domain
efs
encryption
Office
profile
Profile Migration
Regedit
windows 10
dretzer's avatar
dretzer
Iron Contributor
Oct 21, 2019

JustnYou don't have many options here:

  1. Restore the system to a state before you removed the profile
    • As already suggested, try system restore
    • Restore system from a backup if one is available
  2. Restore the EFS-Certificate from the User
    • Restore the Certificate from a previously exported file if available
    • Restore the Certificate from your CA if you implemented Private-Key-Archiving
  3. Decrypt the encrypted files with an EFS-Recovery certificate, if previously implemented

If you have neither of those options, you have no way of getting the files again. You either need to restore the old profile, which contains the private key needed to decrypt the files, or you needed to implement recovery options BEFORE your incident (EFS-Recovery Agent, Private-Key-Archiving, EFS-Certificate export and backup).

If you didn't implement any EFS-Recovery options and can't access the original profile with the original user account in it's original state (a password reset on the user-account would block you from accessing the private key even in the original user profile), you are out of luck. Implement one or more of those features as soon as possible to prevent future disasters, or at least, disable EFS for end-users.

Resources