Indiana University
University Information Technology Services
  
At IU, how can I recover Windows encrypted files without a private key?

The Encrypting File System (EFS) is a component of the NTFS file system on Windows 2000, Windows XP Professional, and Windows Server 2003; it allows users to encrypt files stored on their local computer or on a Windows 2000 or 2003 server. The encryption and decryption process requires either a private key stored in the user's profile, or a master recovery key stored by a designated "recovery agent". Users who choose to encrypt their files with EFS should always make backups of their private key for safekeeping. In an emergency, such as a hard drive crash that removes or corrupts a user's private key, the master recovery key can restore encrypted files.

At Indiana University, the University Information Policy Office (UIPO) maintains a master recovery key for the IU Active Directory. If you forget a key or if your key is damaged, UIPO can use this domain master key to help you recover your own files. However, this is only possible if the file resides on a computer joined to the ADS domain and the user who encrypted the file is a domain user. If your computer does not belong to ADS, then your local support provider (LSP) or other department representative might be able to recover department or user documents, subject to institutional guidelines. In either case, the first step is to contact UIPO at uipo@iu.edu. If your request meets the guidelines set out in Policy IT-07: Privacy of Electronic Information and Information Technology Resources, and any other applicable IU policies, UIPO will contact you and explain how to proceed.

Generally, the support provider makes a Windows Backup copy of the encrypted file and gives a media copy to UIPO; then UIPO recovers the file and returns it using unencrypted, read-only media.

Support providers who administer organizational units (OUs) can choose to disable file encryption entirely.

If you are a registered LSP at IU, the UITS LAN Lab can help with server administration. You can contact the lab at itps@iu.edu.

For more information on the Encrypting File System, see the Microsoft TechNet article The Encrypting File System.

This is document aknh in domain all.
Last modified on May 27, 2011.
