In the immortal words of Homer, "Doh!"
I use BitLocker on my work laptop to ensure that all my data is safe, as I would not want any corporate or client documents to fall into the wrong hands. Also, as most people do, I store some personal data on my work laptop. Nothing exciting really, just things like payslips and the odd photo of my family; things like that. To keep these files doubly safe, and away from any prying eyes, I encrypt them again with EFS. I guess you could call this "belt and braces" because there really is no need to do it (although my father would be proud of me for being so well prepared! Hi Dad). EFS is nice and easy, and is invisible to me as far as the encrypting and decrypting process works because I do not have to do anything to read/edit the files; Windows Vista takes care of everything.
Well, the other day I decided to switch my desktop OS of Windows Vista Ultimate 32-bit for the latest build of Windows Server 2008 64-bit because I had a 64-bit CPU that was being wasted and also I wanted to use the excellent Hyper-V of Windows Server 2008. I meticulously copied all of my files onto my USB hard drive in preparation for the install, then I ran the script a couple of times just to make sure everything was copied over. Then I verified that everything was there by hand in case my script had done something dodgy. Great, all backed up, time to format the drive... (I am sure that some people will see where this post is going). Upon getting back into Windows, I started a copy of all my files back into the My Documents folder, only to see the following error appear towards the end of the copy:
Hmmm, must be something up with the NTFS permissions; I'll hit the Continue button to fix it. Then:
"Try Again". "Try Again". "Try Again". "Try Again". "Try Again". "Try Again". "Try Again". "TRY AGAIN". AAAARRRRRGGGGGGHHHHH!!!!! I DIDN'T BACK UP MY EFS KEYS, NOOOOOOOOOO!!!!!
There really is no point crossing fingers here hoping it will suddenly work. Nor will praying, or asking Bletchley Park for help, make it any better; if you don't back up your private key before wiping your hard drive then your encrypted files are lost forever. And, because I had used BitLocker to previously encrypt the drive, there was no point even bothering to try and recover deleted files from the partition, as there would not be any. Sigh, that's it then. I might as well delete those encrypted files on my drive as they just taunt me every time I see them there. Up to this point I had experienced various emotions, each one worse than the previous one. Rather than try to describe them here I think it is easier to use emoticons as visually it is much clearer:
Once I had calmed down a little and accepted the fact that it was all gone I did the following to make sure that this never happens to me again. So go do it yourself, NOW! Don't learn the hard way like me as it is not very friendly on the blood pressure.
Open Control Panel and choose User Accounts. Then click on the link circled in the image below:
Run through the wizard and back up your key(s) to a secure location.
That is all there is to it, nothing else. Then, if one day you need to recover an encrypted file, you can just import your backed up key files into the new computer and you'll have access again to the encrypted data. When my brother Steve reads this he'll probably send me a Nelson (from the Simpsons) "Ha-Ha" email. Steve, no need as I am already feeling gutted for doing it in the first place.
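The same backup can be scripted instead of clicked through. The PowerShell below is an added example, not part of the original post: it exports every EFS certificate that has a private key to a password-protected PFX and then reloads each file to confirm the key is really in it. It assumes Windows 8 / Server 2012 or later (for `Export-PfxCertificate`), and the backup path is a hypothetical placeholder.

```powershell
# Added example: back up the current user's EFS certificates and private keys
# to password-protected PFX files, then verify that each backup loads.
param(
    # Hypothetical destination (assumption); use removable or offline storage,
    # not the drive that is about to be wiped.
    [string]$BackupDir = 'E:\efs-key-backup'
)

$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

# Only certificates whose private key is present can decrypt files later.
$certs = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
})
if ($certs.Count -eq 0) {
    Write-Warning 'No EFS certificate with a private key found for this user.'
    return
}

$password = Read-Host -AsSecureString 'Password to protect the PFX files'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($cert in $certs) {
    $pfx = Join-Path $BackupDir "efs-$($cert.Thumbprint).pfx"
    try {
        # Fails if the private key was marked non-exportable.
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $password `
            -ErrorAction Stop | Out-Null

        # Reload the file: a backup is only useful if the key comes back out.
        $check = New-Object `
            System.Security.Cryptography.X509Certificates.X509Certificate2($pfx, $password)
        if ($check.HasPrivateKey -and $check.Thumbprint -eq $cert.Thumbprint) {
            Write-Output "OK      $pfx (certificate expires $($cert.NotAfter.ToString('yyyy-MM-dd')))"
        } else {
            Write-Warning "FAILED  $pfx did not verify; do not rely on it."
        }
        $check.Reset()   # release the loaded copy of the key
    } catch {
        Write-Warning "FAILED  $($cert.Thumbprint): $($_.Exception.Message)"
    }
}
```

Store the PFX files and their password separately from the encrypted data; `cipher /x` is the built-in command-line equivalent of the export step.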
Comments
Anonymous
January 01, 2003
I have had this blog post in the pipeline for a while now, but I have been waiting until all the pieces
Anonymous
January 01, 2003
@Tim, Yes I believe they do, but I gave up trying after explaining what I wanted 1000 times to the helpdesk. Also, because I was running an unsupported build, they were not keen on offering support :-S
Anonymous
June 09, 2009
Doesn't MSIT back up your encryption key, or have the ability to recover the files as a recovery agent? Tim