prp17

Everything posted by prp17

  1. If you do not have a backup of the original EFS key, you're out of luck.

     EFS keys are randomly generated private/public key pairs; the files are encrypted using the public key, and the private key is what you need to decrypt those files. When you first encrypt a file on a standalone XP system, you do not have a key pair. The system automatically generates one for you, and stores it in your user profile using the Protected Storage subsystem. With XP, the key is additionally encrypted using a derivative of your login password, which is why resetting the password renders the key useless. (Changing your password via Ctrl-Alt-Del re-encrypts your EFS keys using your new password, so you don't lose them.)

     The only way you will be able to recover your files is to find a backup of the EFS key. If you backed up your OS drive before you reformatted it, you can restore the old backup, log in and decrypt the files.

     To create a recovery agent so that you can recover your files should you need to reformat the system drive in the future:

     1. At a command prompt, enter "cipher /r:c:\efs"
     2. Choose and enter a password to protect the key when prompted.
     3. This will create two files: c:\efs.cer and c:\efs.pfx.
     4. efs.pfx is your private key for file recovery. Back this up to a floppy or CD and put it somewhere safe. (You'd be better off to make more than one copy and put them in different places.)
     5. efs.cer is the public key. Once installed as a recovery agent, all files encrypted on the machine will be readable using the matching private key.
     6. To install the key as a recovery agent, first type "start secpol.msc" from a command prompt.
     7. In the window that opens, find "Security Settings\Public Key Policies\Encrypting File System" in the tree. Select Add Data Recovery Agent from the Action menu.
     8. Browse for and select C:\efs.cer.
     9. Click through the rest of the wizard to complete the installation.

     Note that any files encrypted prior to installing the recovery agent key CANNOT be decrypted with the recovery key. You will need to decrypt and re-encrypt those files for the recovery key to work with them. In particular, this procedure won't help you recover the files you've already lost the key for. But it will enable you to use the encryption feature without worrying about this problem in the future.

     Should you need to recover files created with the recovery agent installed, simply import the efs.pfx certificate into the Current User/Personal certificate store. (You can start the import process by simply double-clicking the .pfx file.)

     Once you've set up the recovery key, be sure to remove efs.pfx from your system and keep it locked away, or the encryption is quite useless. Also, be sure to use strong passwords for Windows login; if you use a weak password, it's easier for someone to bypass EFS by guessing it.
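The post's advice to keep more than one copy of efs.pfx and then remove it from the system, as an added example that is not part of the original post: the script deletes C:\efs.pfx only after enough off-volume copies hash identically to it. It assumes PowerShell 4.0 or later (for Get-FileHash); the backup paths E:\efs.pfx and F:\efs.pfx, the parameter names and the two-copy minimum are hypothetical.

```powershell
# Added example. Backup paths, parameter names and the minimum count are assumptions.
param(
    [string]   $Source        = 'C:\efs.pfx',                  # created by "cipher /r:c:\efs"
    [string[]] $Backups       = @('E:\efs.pfx', 'F:\efs.pfx'), # hypothetical removable-media copies
    [int]      $MinimumCopies = 2,
    [switch]   $WipeFreeSpace
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
    throw "$Source not found; nothing to verify or remove."
}
$sourceFull = (Resolve-Path -LiteralPath $Source).Path
$sourceRoot = [System.IO.Path]::GetPathRoot($sourceFull)
$expected   = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash

$verified = @()
foreach ($copy in ($Backups | Select-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $copy -PathType Leaf)) {
        Write-Warning "Missing backup: $copy"
        continue
    }
    # A copy on the same volume as the source is lost along with it on a reformat.
    $copyRoot = [System.IO.Path]::GetPathRoot((Resolve-Path -LiteralPath $copy).Path)
    if ($copyRoot -ieq $sourceRoot) {
        Write-Warning "Not counted (same volume as source): $copy"
        continue
    }
    # Only a byte-identical copy is a usable recovery key.
    if ((Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash -eq $expected) {
        $verified += $copy
    } else {
        Write-Warning "Hash mismatch, do not rely on: $copy"
    }
}

if ($verified.Count -lt $MinimumCopies) {
    throw "Only $($verified.Count) verified copies; keeping $Source in place."
}

Remove-Item -LiteralPath $Source -Force
Write-Output "Removed $Source; verified copies: $($verified -join ', ')"

if ($WipeFreeSpace) {
    # Deleting only unlinks the file; cipher /w overwrites the volume's free space (slow).
    & cipher.exe "/w:$sourceRoot"
}
```

The hash check confirms the copies are intact, not that the .pfx password is still known, so a test import on a spare machine is still worth doing before relying on the backups.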