EFS Files On domain Profile windows 10

Copper Contributor
Hi
I am facing some issues related to EFs encryption files,
I removed a domain profile entry from Regedit and Renamed User name Folder On windows 10. After login new profile created “same user”. There are some EFS encrypted files which noticed Later . Now i can see certificate but i cant change file permission attribute even from Local admin. Is there any way to decrypt those Files (word n excel files).
Kindly help
2 Replies

@Justn can you do a system restore to go back to a point in time before you removed the profile to access and decrypt the files?

@JustnYou don't have many options here:

  1. Restore the system to a state before you removed the profile
    • As already suggested, try system restore
    • Restore system from a backup if one is available
  2. Restore the EFS-Certificate from the User
    • Restore the Certificate from a previously exported file if available
    • Restore the Certificate from your CA if you implemented Private-Key-Archiving
  3. Decrypt the encrypted files with an EFS-Recovery certificate, if previously implemented

If you have neither of those options, you have no way of getting the files again. You either need to restore the old profile, which contains the private key needed to decrypt the files, or you needed to implement recovery options BEFORE your incident (EFS-Recovery Agent, Private-Key-Archiving, EFS-Certificate export and backup).

If you didn't implement any EFS-Recovery options and can't access the original profile with the original user account in it's original state (a password reset on the user-account would block you from accessing the private key even in the original user profile), you are out of luck. Implement one or more of those features as soon as possible to prevent future disasters, or at least, disable EFS for end-users.