I Can't Create & install a recovery certificate for encrypted files - help needed...
Hello, I have followed all steps as Windows Help and Support says to do, but it doesn't work:

1) To create a recovery certificate, Windows Help and Support says: "Click to open the Command Prompt window. Plug in or insert the removable media that you're using to store your certificate. Navigate to the directory on the removable media drive where you want to store the recovery certificate, type cipher /r:file name (where file name is the name that you want to give to the recovery certificate), and then press ENTER. If you are prompted for an administrator password or confirmation, type the password or provide confirmation."

As I did it, the result was two files (a security certificate file and a personal information exchange file), which were indeed created successfully without an error message. But when you right-click on them, choose "Properties", then the "Details" tab, and check the owner of these files, it says "Everyone" instead of my own user name, so these files aren't linked to my user account and are therefore useless for the purpose of recovering my own encrypted files...

2) To install the recovery certificate, Windows Help and Support says: "Insert the removable media that contains your recovery certificate. Click to open Local Security Settings. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. Click Public Key Policies, right-click Encrypting File System, and then click Add Data Recovery Agent. This opens the Add Recovery Agent wizard. Click Next, and then navigate to your recovery certificate. Click the certificate, and then click Open. When you are asked if you want to install the certificate, click Yes, click Next, and then click Finish. Click to open the Command Prompt window. At the command prompt, type gpupdate, and then press ENTER."

As I complete step 5 (as I click Open...), it says: "Windows cannot determine if this certificate has been revoked. The revocation function was unable to check revocation for the certificate. Do you want to install this certificate?" I then click Yes, and I then see in the list of recovery agents in the same wizard window (before I press "Next" and continue...) the following: "Recovery agents: Users Certificates USER_UNKNOWN My User Name...". As you can see, I am an "UNKNOWN" user, and so when I complete all of these steps, my user account doesn't actually have this certificate assigned to it... When I do the last step that Windows Help and Support tells me to ("Log on to the account you were using when you first encrypted the files. Click to open the Command Prompt window. At the command prompt, type cipher /u, and then press ENTER. If you choose not to update encrypted files with the new recovery certificate at this time, the files will automatically be updated the next time you open them."), the decryption of all my encrypted files does not succeed, and when I try to access my encrypted files it says "Access is denied".

How can I succeed with the creation and installation of a new recovery certificate, so that it will be assigned to my user account and its revocation will indeed be validated? And finally, how can I recover all of my encrypted files?

P.S.: my old certificate has already expired, and I actually stored and backed it up with the private key in the same folder where everything is encrypted... My user account is an administrator account, so there should be no problem accomplishing the steps in Windows Help and Support...
January 23rd, 2008 8:35pm

Hi Michel Korn, Thank you for the post. I would like to confirm if you have imported the Recovery Certificate. If not, please double click the .PFX file which is generated by the command: cipher /r: and complete the Certificate Import Wizard. Hope it helps. Sincerely, Joson Zhou Microsoft Online Community Support
January 28th, 2008 6:44am

Yes, I have imported the Recovery Certificate into the Personal > Certificates store in the Certificates Manager console, by double-clicking the .PFX file generated by the command: cipher /r:File Name. But still, after creating the recovery certificate and importing it, and then after completing all steps as described in Windows Help and Support under the title "Create a recovery certificate for encrypted files", it is still not working... At the final step, when I open the command prompt and type: cipher /u, it says for each of the encrypted files: "The specified file could not be decrypted." And then when I try to open one of the encrypted files, I get the error message: "Access is denied." Another thing is that when I right-click one of these files, choose Properties, and then on the General tab press Advanced, and then press Details next to the line "Encrypt contents to secure data", I get a new dialog box, and in the section under "Recovery Certificates for this file as defined by recovery policy" there is not a single recovery certificate listed. In addition, under the section "Users who can access this file" I do see my old certificate listed there with my user name and old certificate thumbprint (a certificate which has already expired, which I no longer have installed, and which I can't import back because it is one of the encrypted files, alongside the private key...). Why didn't it all go right, and what can really be done to recover my files?

Best Regards, Michel Korn.
January 28th, 2008 3:22pm

Hi Michel Korn, Thank you for your response. From your reply, I would like to further confirm the following points with you:

1. Is the command: cipher /u typed under the same account as the one that encrypted the file?
2. Can you read the encrypted file under the same account as the one that encrypted the file?
3. Is the EFS certificate that encrypts the file expired?
4. Does the computer join a domain?
5. Is the EFS certificate self-signed? If so, it should be valid for 100 years.

I look forward to your reply. Sincerely, Joson Zhou Microsoft Online Community Support
January 30th, 2008 1:07pm

Hello Joson Zhou, Thank you very much for your response. In regard to your reply, here are the answers to your questions:

Yes, I did type the command cipher /u under the same account as the one that encrypted the file. No, I cannot read the encrypted file under the same account as the one that encrypted the file. Yes, the EFS certificate that encrypts the file has already expired. No, the computer doesn't join any domain. The EFS certificate was created automatically when I encrypted the files under the Documents folder. I only had to back up the .PFX certificate file and the password for the private key, and these are two files which I saved in the same encrypted directory as all the other encrypted files. Actually, I encrypted the 'Documents' folder and all sub-directories and files under it by right-clicking on the folder, choosing Properties >> Advanced >> and checking the check box "Encrypt contents to secure data" under the "Compress or Encrypt attributes" section of the dialog box. I do not actually know how to check if the EFS certificate is self-signed. How can I check it?

After a certain period in which everything was OK, one night, suddenly, when I pressed the button to shut down my PC, a dialog box appeared on the screen saying that the certificate was going to expire tomorrow, and that I should back up the certificate / the private key, otherwise I would not have access to them any more. I had a few options to choose from, and I chose to be reminded again to back it up when I would next turn on the computer and log in to Windows. I logged in again right the next morning, and no reminder showed up, and as I tried to open my files it was too late, because the certificate had already expired and I no longer had access to my files.

Best Regards, Michel Korn.
January 30th, 2008 8:47pm

Hi Michel Korn, Thank you for providing me with the detailed information. I appreciate the time and effort you invested on this issue. From the description, this certificate should be a self-signed one. You can verify this in the certificate console: the name under Issued To is the same as the one under Issued By if it is a self-signed certificate. Here are the steps:

1. Open Certificate Manager by clicking the Start button, type certmgr.msc in the Start Search box and press Enter.
2. Click Personal, click Certificates, and check the certificate that lists Encrypting File System under Intended Purposes.

However, based on my understanding, we can still decrypt files even though the EFS certificate is expired, because EFS stores existing private keys. As a result, I suspect that the issue results from one of the following causes:

- The private key corresponding to the certificate is damaged or deleted.
- The thumbprint listed in Users Who Can Access This File does not match any thumbprints for the user's certificates.

If any of the above factors is true, I am afraid that we may not be able to recover the data. Now, let's collect the following information for further research:

1. Export the encrypted information using the utility efsinfo.exe:
1.1 On the Windows Vista machine, download the utility from the following link: http://www.microsoft.com/downloads/details.aspx?familyid=9C70306D-0EF3-4B0C-AB61-81DA208F5C47&displaylang=en
1.2 Install the utility.
1.3 Click the Start button, type cmd.exe, right-click the cmd.exe icon and select Run as Administrator to open Command Prompt.
1.4 In the Command Prompt, go to the folder storing the utility (by default, the location is C:\Program Files\Resource Kit).
1.5 Type efsinfo /r /u /c <Path of the encrypted folder> > efs.txt (the efs.txt file is stored in the folder where the utility is located).

2. Export the certificate information:
2.1 Log onto the Windows Vista machine with the account that encrypted the folder.
2.2 Open Certificate Manager by clicking the Start button, type certmgr.msc in the Start Search box and press Enter.
2.3 Click Personal, click Certificates, and click each certificate > All Tasks > Export to export all of them. (You do not need to export the private key.)

3. Check the status of the EFS certificate:
3.1 Log onto the Windows Vista machine with the account that encrypted the folder.
3.2 Open Certificate Manager by clicking the Start button. Type certmgr.msc in the Start Search box and press Enter.
3.3 Click Personal, click Certificates, double-click each certificate that lists Encrypting File System under Intended Purposes, and capture a screenshot of the General tab of each certificate.

4. Please zip the above information (files), rename the zip file using your logon ID and upload it to the following space: https://sftasia.one.microsoft.com/choosetransfer.aspx?key=6ac87808-d533-404b-bd8b-4a81f570f391 Password: pH!n[vt0Zdc#

Note: Please post a quick note in the current thread to inform me after uploading the information. I look forward to your reply. Sincerely, Joson Zhou Microsoft Online Community Support
January 31st, 2008 12:40pm
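The two failure causes named in the reply above (private key missing, file thumbprints matching no usable certificate) can be checked from the affected account before any recovery attempt. This is an added PowerShell example, not code from the thread or from Microsoft; it assumes a placeholder file path and that `cipher /c` prints the certificate thumbprints of the users and recovery agents that can open the file.

```powershell
# Added example (not from the thread): list EFS-capable certificates in the
# current user's Personal store, flag self-signed ones and ones without a
# private key, then check whether a given encrypted file's thumbprints
# (as printed by "cipher /c") match any certificate that can still decrypt.
param(
    # Assumed placeholder path to one of the encrypted files.
    [string]$EncryptedFile = "$env:USERPROFILE\Documents\example.docx"
)

$efsEku = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU OID

$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $ext = $_.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ext -and ($ext.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsEku })
}

foreach ($c in $efsCerts) {
    [pscustomobject]@{
        Thumbprint    = $c.Thumbprint
        IssuedTo      = $c.Subject
        SelfSigned    = ($c.Subject -eq $c.Issuer)   # Issued To equals Issued By
        HasPrivateKey = $c.HasPrivateKey             # no key means no decryption
        Expired       = ($c.NotAfter -lt (Get-Date)) # expiry alone does not block decryption
    }
}

# cipher /c prints the thumbprints of every user certificate and recovery
# certificate that can open the file; strip whitespace so the grouped hex
# it prints compares equal to the store's unspaced Thumbprint value.
$cipherOut = (& cipher.exe /c $EncryptedFile 2>&1 | Out-String) -replace '\s', ''
$usable = $efsCerts | Where-Object { $_.HasPrivateKey }
$match  = $usable | Where-Object { $cipherOut -match [regex]::Escape($_.Thumbprint) }

if ($match) {
    "File can be decrypted with: $($match.Thumbprint -join ', ')"
} else {
    "No certificate with a private key matches this file's thumbprints; " +
    "cipher /u cannot re-key it and adding a new recovery agent will not help."
}
```

Run it as the account that encrypted the data, because EFS only looks in that user's Personal store; a new data recovery agent is only written into files that can still be opened with an existing key.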

Hello Joson Zhou, None of the certificates in the certificate manager is the certificate the files were encrypted with, because I actually accidentally and manually deleted all certificates under my user name which I had there, shortly after I no longer had access to my files (I didn't understand what I was doing...). Is it possible to replace the certificate on my files with a new working one, even if I no longer have the old certificate at hand?

Best Regards, Michel Korn.
February 11th, 2008 11:36am

Hi Michel Korn, Thank you for your update. I am sorry to hear that the certificate used to encrypt the data has been deleted. Please understand that we must decrypt the encrypted files in order to access/modify them. Recently, we do not have the correct EFS certificate and private key for the files, and thus we are unable to access, modify or replace the certificate to encrypted files with a new working one. Thank you for your understanding. Sincerely, Joson Zhou Microsoft Online Community Support
February 13th, 2008 12:06pm
