import EFS key directly from XP SystemCertificates folder?
Posted this originally in social.answers.microsoft.com & a 5-medal forum member suggested I repost here.

I backed up a user's SystemCertificates folder and encrypted documents from an XP Pro installation. That installation is now gone and I'm trying to import the XP Pro certificates from the (old, backed-up XP) SystemCertificates folder into that user's new Windows 7 Enterprise installation. The ONLY certificate I care about is the EFS key for the encrypted docs. It would seem I would have done better to export the user's XP/EFS certificates, rather than simply backing up the folder. Sigh. . . Live and learn.

In any case, I've been trying to import using certmgr.msc. Only one of the certificates will import successfully - it's one of two certificates in (old/XP) SystemCertificates/Certificates/My store. And - you guessed it - it's not the one that will open the encrypted docs. When I look at properties/advanced/detail for any of the encrypted docs, the thumbprint exactly matches the filename for the other of the two certificates in the System Certificates/Certificates/My store. Which would seem to indicate that's the one I need, yes? Except, as I said, it won't import: "The specified file is empty. Select a different file."

Other things I've tried:

· Import of the certificate directly on the server using a sysadmin account. Had high hopes for this one, as my recollection is that when the user's XP Pro docs were encrypted, the machine was joined to the SBS 2008 domain. Alas.
· On a machine with an existing XP Pro installation, logged on as the user whose encrypted docs I'm trying to unlock and tried to import. Nope.
· Another variation I tried while logged on to the XP machine with that user's account was simply replacing the SystemCertificates folder with the old one. (That last bit especially embarrassing to admit, but hey, when you're desperate. . .)

Gulp. Am I out of luck?
September 29th, 2010 2:54pm
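
An added example, not part of the original post or thread: a sketch that reads a backed-up file from the SystemCertificates My/Certificates folder using the serialized property layout (4-byte property ID, 4-byte reserved field, 4-byte length, then data), recomputes the SHA-1 thumbprint of the embedded certificate and compares it with the filename, which is the check the poster did by eye. The function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import hashlib
import struct

# Property IDs as defined in wincrypt.h
CERT_KEY_PROV_INFO_PROP_ID = 2   # names a key container; carries no key material
CERT_SHA1_HASH_PROP_ID = 3       # cached SHA-1 thumbprint
CERT_CERT_PROP_ID = 32           # the DER-encoded certificate itself


def parse_store_file(blob: bytes) -> dict:
    """Split a serialized store element into {property_id: data}."""
    props, offset = {}, 0
    while offset < len(blob):
        if len(blob) - offset < 12:
            raise ValueError(f"truncated property header at offset {offset}")
        prop_id, _reserved, size = struct.unpack_from("<III", blob, offset)
        offset += 12
        if size > len(blob) - offset:
            raise ValueError(f"property {prop_id} claims {size} bytes, file is short")
        props[prop_id] = blob[offset:offset + size]
        offset += size
    return props


def check_store_file(filename: str, blob: bytes) -> dict:
    """Report whether the file holds a certificate matching its own filename."""
    props = parse_store_file(blob)
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:  # also the result for a zero-length backup file
        raise ValueError("no certificate property (ID 32) in file")
    thumbprint = hashlib.sha1(der).hexdigest().upper()
    return {
        "thumbprint": thumbprint,
        "matches_filename": thumbprint == filename.upper(),
        # True only means the store entry points at a key container by name.
        "key_container_ref": CERT_KEY_PROV_INFO_PROP_ID in props,
        "der_length": len(der),
    }


def _prop(prop_id: int, data: bytes) -> bytes:
    """Build one serialized property (used only for the constructed sample)."""
    return struct.pack("<III", prop_id, 1, len(data)) + data


# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"\x00" * 266
SAMPLE_NAME = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
SAMPLE_BLOB = (_prop(CERT_SHA1_HASH_PROP_ID, hashlib.sha1(SAMPLE_DER).digest())
               + _prop(CERT_KEY_PROV_INFO_PROP_ID, b"constructed-container-ref")
               + _prop(CERT_CERT_PROP_ID, SAMPLE_DER))

if __name__ == "__main__":
    print(check_store_file(SAMPLE_NAME, SAMPLE_BLOB))
```

A zero-length or truncated backup file raises ValueError here, which is worth ruling out on the backup copy before retrying the import in certmgr.msc.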

Hi samry,

Thanks for posting in Microsoft TechNet forums.

As I understand it, you have encountered the following scenario: you have a problem importing the EFS key from Windows XP to Windows 7.

After importing or copying the decryption keys / certificates on to your win7 computer, try the link below:

http://mintywhite.com/windows-7/7security/decrypt-encrypted-files-windows/

Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

And there is a solved thread that mentions how to transfer the encryption key from Windows XP to Windows 7:

http://social.answers.microsoft.com/Forums/en-US/w7security/thread/5601bfe7-de19-479a-862b-7256043abd5e

Hope it helps.

Best Regards
Leo Huang
TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
October 1st, 2010 12:50am

Leo, thanks for the reply. In the links you gave, both scenarios first require exporting the key from the XP Pro installation. That's the step that I didn't know to do, and the XP Pro installation is now totally wiped. What I do have is a backup of the XP Pro folder that I (perhaps wrongly) understood to contain the EFS certificate. To be clear about the folder I've mentioned, in the XP Pro installation, the path was documents and settings/[username]/applicationdata/microsoft/systemcertificates I'm trying to import directly from the backup of that SystemCertificates folder, rather than importing from a properly exported key. I don't know if this is possible, but that's where I'm at. Any other ideas? Thanks.
October 1st, 2010 11:59am

Hi samry,

Simply moving the folder from documents and settings/[username]/applicationdata/microsoft/systemcertificates of Windows XP to Windows 7 is not effective. But you can try to export the registry from Windows XP and input it to Win 7 for a test:

1 Go to regedit.msc on Windows XP
2 Find the key from HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
3 Right click SystemCertificates and choose “Export”
4 Save the .reg file and copy it to the PC of Windows 7
5 Double click the .reg file and click “Yes”

Note: You’d better back up your Registry before you change it.

Hope it works.

Regards,
Leo Huang
October 4th, 2010 1:17am

Hi samry,

Did you resolve the problem? Please feel free to give me any update.

Regards,
Leo Huang
October 5th, 2010 8:59pm

Leo, I am sorry for not replying sooner, have been busy with other things. I understand your answer. I'm sure it would have worked, *IF* I had done so before wiping out the XP Pro installation. The XP Pro registry just isn't there any more. This gets at the basic point of my original post: I did not understand that I needed to export any keys or certificates from the XP installation. The XP installation is now gone. Is there anything I can do at this point to recover the EFS encryption keys? I am aware that data recovery for deleted files is sometimes possible using 3rd-party utilities that scan a hard drive and find deleted files. However, I have not had good luck with those that I tried. (They simply crashed before completing.) Anyway, short of professional data recovery, it's looking like there's not much else to do. HOWEVER, if anyone out there has other information about this problem, please let me know. Thanks.
October 20th, 2010 3:25pm

This topic is archived. No further replies will be accepted.
