How do I remove EFS encryption from a set of files?
Hello, we've recently installed a new branch office with a Windows SBS 2008 server. Somehow a group of files have become encrypted with EFS. The files are encrypted with a number of users' keys. I've disabled EFS in group policy now as it's not appropriate for this environment and we don't want users encrypting files by accident (which seems to have been the case here?).

I've been struggling to find out how to remove the encryption. I've got as far as using the cipher.exe tool. When I run "cipher /d /a" in the affected area I receive "Access is Denied". Looking at a particular file using "cipher /c" I can see that the domain user is listed under the "Users who can decrypt" heading, and that the domain administrator is listed under "Recovery agents".

So, I understand this to mean that I cannot decrypt the files until I somehow add another user to the list of decrypting users? How do I go about this? I can't seem to find any good documentation from my numerous searches. Thanks!
May 31st, 2011 4:27pm

Most of your EFS information will come from Windows XP and Windows Server 2003 documentation. Because the admin can only recover the key, the admin must recover the keys and then use the recovered keys to decrypt the files.

Encrypting File System
http://technet.microsoft.com/en-us/library/cc700811.aspx

5 Minute Security Advisor - Recovering Encrypted Data using EFS
http://technet.microsoft.com/en-us/library/cc722672.aspx

Because it uses a measure of public key cryptography and symmetric key encryption, you should have at least a 200-300 level knowledge of PKI to accomplish the tasks outlined in the recovery process.

Best Regards, Steve Kline
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Technology Specialist: Active Directory, Network Infrastructure, Application Platform, Windows 7
Microsoft Certified Product Specialist & Network Product Specialist
Red Hat Certified System Administrator
Microsoft® Community Contributor Award 2011
This posting is "as is" without warranties and confers no rights.
May 31st, 2011 5:06pm

On Tue, 31 May 2011 14:06:20 +0000, Steve Kline wrote:

> Most of your EFS information will come from Windows XP and Windows Server 2003 documentation. Because the admin can only recover the key, the admin must recover the keys and then use the recovered keys to decrypt the files.

This is not the case and you're not reading the material correctly. There is a big difference in EFS between a data recovery agent (which is what the Domain Admin referred to in the original post is) and a key recovery agent (which is what you're referring to). The data recovery agent can decrypt any EFS encrypted file in the Enterprise. A key recovery agent is only used in the second half of a key recovery operation from Certificate Services, which is not what is going on here. A key recovery agent is not listed by cipher /c; that lists the data recovery agent. In a domain environment, that default data recovery agent is the first Administrator account on the first domain controller installed.

Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Thrashing is just virtual crashing.
May 31st, 2011 5:16pm
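As an added example (not code from anyone in this thread), the following PowerShell script inventories EFS-encrypted files under a share, records who cipher /c lists as able to decrypt each one and which recovery agents apply, and, when run with -Decrypt under the data recovery agent account described above, decrypts each file and logs any "Access is Denied" failure per file instead of stopping. The $Root path, the -Decrypt switch and the loose matching of the cipher.exe section headings are assumptions for illustration.

```powershell
# Added example: EFS inventory and DRA-driven decryption report.
# Run as the data recovery agent (first Administrator on the first DC) to decrypt.
param(
    [string]$Root = 'D:\Shares\Branch',   # placeholder share path (assumption)
    [switch]$Decrypt                       # only decrypt when explicitly asked
)

# Only files carrying the NTFS Encrypted attribute are of interest.
$encryptedFiles = Get-ChildItem -Path $Root -Recurse -File -Force |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted }

foreach ($file in $encryptedFiles) {
    # cipher /c prints a "Users who can decrypt" section and a recovery section;
    # headings are matched loosely because wording differs between Windows versions.
    $lines   = & cipher.exe /c $file.FullName 2>&1
    $section = ''
    $users   = @()
    $agents  = @()
    foreach ($line in $lines) {
        if ($line -match 'Users who can decrypt') { $section = 'users';  continue }
        if ($line -match '^\s*Recovery')          { $section = 'agents'; continue }
        if ($line -notmatch '\S' -or $line -match 'thumbprint') { continue }
        switch ($section) {
            'users'  { $users  += $line.Trim() }
            'agents' { $agents += $line.Trim() }
        }
    }

    $status = 'still encrypted'
    if ($Decrypt) {
        try {
            # FileInfo.Decrypt() succeeds only for a listed user or the DRA;
            # a failure here is exactly the "Access is Denied" from cipher /d.
            $file.Decrypt()
            $status = 'decrypted'
        } catch {
            $status = "failed: $($_.Exception.Message)"
        }
    }

    [PSCustomObject]@{
        Path           = $file.FullName
        CanDecrypt     = ($users  -join '; ')
        RecoveryAgents = ($agents -join '; ')
        Status         = $status
    }
}
```

Pipe the output to Export-Csv to keep a record of which files were recovered and which still need a listed user or the recovery agent's certificate before EFS is fully removed.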
