
After my profile became corrupt (from an IE7 developer toolbar bug... that's another story), I was forced to delete C:\Documents And Settings\[myUserAccount]. After having a sysadmin recreate the profile, I now do not have access to any of my encrypted files (using EFS Enable) - I get access denied to everything. Just speculating, and I don't really want a bunch of answers directly on this speculation, but I fear the private key was lost when the profile was deleted.

I am an admin on the machine and all the files are my own creation, and I should have full control. System restore is out of the question because it was turned off by a group policy. Looking for a way to regain access to or decrypt these files... if they are not already corrupted.

Edit: Thanks for the correction, Gilles. @Randolph Potter: I have my old profile still in docs and settings as [profile]_old. Could I just delete my current one and rename [profile]_old back to [profile]? Would that by chance bring back my SID/private key? What if I set the SID of Administrator to my profile in the Registry?

  • The EFS is connected to the SID of your username. If that key was deleted, you're probably going to need to restore from a backup to reacquire access to the files. – user3463 Commented Nov 17, 2010 at 22:15
  • I think you mean your private key was deleted. If it was, you have two options: try to recover it on your drive (i.e. try to undelete the file containing the key, hoping it hasn't been overwritten; note that to have any hope you need to stop writing to that partition); or recover from a backup. Commented Nov 18, 2010 at 0:51

1 Answer

As you know now, Windows encrypts your files with a private key that is related to your SID. When your profile is deleted, everything is lost, because you won't have the key anymore.

The only way to recover those files will be:

  • restoring your profile

  • restoring some backup (not encrypted!) you've made

  • brute-forcing.

The approach used by Windows makes it irrelevant if you were the admin, and you created them. Imagine if any other admin, who existed before or was somehow created on your machine, could access your files: the encryption would be useless.

The only way to make those files protected to you is, somehow, linking them to you: Windows' approach was using your profile, creating a private key associated with it that could only be accessed by your password. Or by the NSA :)
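
An added diagnostic, not part of the original question or answer: it compares the certificates that `cipher /c` lists as able to decrypt a file with the certificates in the logged-on profile's personal store, which shows whether a recreated or restored profile actually holds the key the file was encrypted to. It assumes a Windows version whose `cipher.exe` supports `/c`, PowerShell 3 or later, and that thumbprints are printed as ten space-separated groups of four hex digits; the function name and the sample path are made up for illustration.

```powershell
# Added example (hypothetical helper name): report, per certificate that can
# decrypt an EFS file, whether the current user profile holds it and its key.
function Get-EfsKeyStatus {
    param([Parameter(Mandatory)][string]$Path)

    # cipher /c lists the users and recovery agents whose certificates can
    # decrypt the file. Assumption: each thumbprint is printed as ten
    # space-separated groups of four hex digits.
    $report = (& cipher.exe /c $Path 2>&1 | Out-String)
    $pattern = '(?i)\b[0-9a-f]{4}(?: [0-9a-f]{4}){9}\b'
    $needed = @([regex]::Matches($report, $pattern) |
        ForEach-Object { $_.Value.Replace(' ', '').ToUpperInvariant() } |
        Sort-Object -Unique)

    if ($needed.Count -eq 0) {
        Write-Warning "cipher reported no certificate thumbprints for '$Path'."
        return
    }

    # Index the certificates in this profile's personal store by thumbprint.
    $mine = @{}
    Get-ChildItem Cert:\CurrentUser\My |
        ForEach-Object { $mine[$_.Thumbprint.ToUpperInvariant()] = $_ }

    foreach ($thumb in $needed) {
        $cert = $mine[$thumb]
        [pscustomobject]@{
            File          = $Path
            Thumbprint    = $thumb
            CertInProfile = [bool]$cert
            # HasPrivateKey means a key is associated with the certificate;
            # the key file itself must still be readable by this account.
            HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        }
    }
}

# Constructed sample path; substitute one of the affected files.
Get-EfsKeyStatus -Path 'C:\Data\example-encrypted.txt' | Format-Table -AutoSize
```

A row with `CertInProfile` false for every thumbprint matches the situation described in the answer: the profile in use does not contain the key the file was encrypted to.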
