0

I have an old Windows 10 computer which has DDR3 RAM and an i7-4770K. Recently, the PSU died, I replaced it, then two days after something else died (it's probably the motherboard, low chance of it being the CPU). I cannot afford to replace anything else to boot it for the moment, and even doing so it's impossible to find these old DDR3 components in my country.

My question is if I get a new computer, can I just plug the hard drive in SATA as a secondary drive and access my files? It is locked by password and some files have EFS. If not, what other options do I have? Can I use it as an external drive? I don't have the certificates backed up, not even sure if they're on the computer; I can just right click and unlock the files usually.

I only have access to a MacBook Pro for now, I would like to backup all that data and also access it.

Thank you!

Edit: My hard drive is not encrypted, it only has the Windows login password, only some files have the EFS padlock on. Some of them important.

10
  • 1
    The Mac is not going to be much use in this instance. It can read, but not write, NTFS; unless you add 3rd party software. As far as I'm aware it cannot decode NTFS encryption. I think you will be looking for a Windows machine to connect this to, if you have your encryption keys; otherwise, just grab your data from your last backup & forget that drive, wipe & start over.
    – Tetsujin
    Commented Jul 21, 2021 at 18:14
  • Hmmm… this claims to be able to decrypt BitLocker on Mac - christianengvall.se/… might be worth a look [I don't know anything about Windows encryption, so can't help with that at all, sorry]
    – Tetsujin
    Commented Jul 21, 2021 at 18:16
  • You're right, even with 3rd party software it can't read the EFS encrypted files actually. I don't have any backup. I need the files though. I don't have the encryption keys but I know my Windows 10 password, that's why I was asking what I can do when I buy a new computer with Windows 10. Commented Jul 21, 2021 at 18:17
  • You write that the drive is "locked by password"; what protection system asks for the password (e.g. BitLocker)? For the EFS encrypted files, the best option would be an exported EFS private key and certificate from the system, because the private key is protected with your password and can by default only be used when you are logged in, thus the original Windows in booted state is required. There are some EFS recovery tools, some of them commercial, but I don't have any experience with them.
    – Robert
    Commented Jul 21, 2021 at 18:18
  • I meant the Windows password, I did not encrypt my hard drive using BitLocker, the login password when you boot Windows 10, I thought that'd be an important thing to point out. Technically I could buy a new motherboard just to back up everything, because the drive will still boot Windows 10 even with a new motherboard, but I would like to avoid that and save money for a brand new computer. Commented Jul 21, 2021 at 18:20

2 Answers

1

If you used a Microsoft Account to log in to your computer, your best bet is to get/borrow/rent another Windows 10 computer. Log in to that with your Microsoft Account and then connect your old disk. (E.g. using a USB enclosure or USB-SATA cable, or connect it as a 2nd SATA drive.)
With a little luck you can then access the disk because the EFS encryption keys should be linked to the Microsoft account.

If that doesn't work you will have to get another computer too (preferably with hardware as similar as possible to your old computer), but connect your old disk as system drive to that and try to boot from it.
With a little luck you can boot it far enough to log in with your original user account/password and access your files.

In both cases copy your files to another medium WITHOUT ENCRYPTION first. (You don't want to use ANY encryption that has a dependency on the hardware/Windows-installation when moving files between systems.)

11
  • So basically when I get my new computer, even though it will be AMD instead of Intel, and DDR4 instead of 3, I plug it in and boot using it (I suppose I can choose which HDD to boot from in the BIOS), log in normally and PRAY. But is there a way to remove encryption from ALL EFS files? It will take ages to go through them 1 by 1 searching for the EFS locked ones... Thank you! Commented Jul 21, 2021 at 18:37
  • @stackexchanged Depending on the old system and the Windows installation you might need to change some BIOS settings (e.g. enable CSM mode if the Windows install was not a UEFI installation). As the drive is old and the old system had several defects, I would recommend backing up all your files, e.g. using a tool like 7zip, to a second drive. By archiving the files they are automatically decrypted. Then remove the old drive and make a fresh Windows 10 installation to get rid of EFS and potentially damaged files. EFS is an outdated technology, full disk encryption like BitLocker is better.
    – Robert
    Commented Jul 21, 2021 at 19:10
  • @Ramhound Sorry, my statement was inaccurate; it referred to the current question, where the PC seems to be used as a single-user system. Also, EFS alone is vulnerable to evil-maid attacks, and EFS is pretty complex but easy to activate, which has already destroyed terabytes of data for users who activated it in Explorer without understanding it. Lastly, in my experience it was bad at protecting a whole user profile because of problems with temp files that collide with installers and a lot of other problems. Therefore my recommendation is to not use EFS and to use a password-encrypted container instead.
    – Robert
    Commented Jul 21, 2021 at 21:12
  • @Ramhound Yes, it is easy: boot a second Windows, place an exe file into the user profile and add it as an autostart application, and the unattended "system" modification is ready. For attacking one user this is already enough and can cause a lot of damage (e.g. keyboard sniffer, ransomware client, data extractor, ...).
    – Robert
    Commented Jul 21, 2021 at 21:39
  • @Ramhound: I disagree, I did not activate EFS, it just appeared on its own on some files, after I transferred them from one partition of my HDD to another (from C to D or vice versa). I was still able to open them, but they had the padlock on. So basically even though I backed them up on an external HDD and they appeared to be fine, they are not readable, and I did not know since I only used that external HDD on that same computer, which I suppose was only working because it had the certificate. I knew nothing about all this until my PC died and I couldn't open my backed up files. Commented Jul 21, 2021 at 22:32
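The bulk step asked about in the comments above (finding every EFS-flagged file and copying it out without encryption), as an added example that is not from any of the posters. It assumes the old installation has been booted and the original user is logged in, and the paths `D:\` and `E:\Rescue` are placeholders.

```powershell
# Added example. Run as the original user on the booted old installation,
# otherwise the EFS private key is unavailable and every copy will fail.
param(
    [string]$Source      = 'D:\',        # assumed: root of the volume holding the data
    [string]$Destination = 'E:\Rescue'   # assumed: folder on the backup drive
)

$failed = New-Object 'System.Collections.Generic.List[string]'
$root   = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\') + '\'
[void][System.IO.Directory]::CreateDirectory($Destination)

# Select only files carrying the EFS attribute (the padlock overlay in Explorer).
$files = @(Get-ChildItem -LiteralPath $root -Recurse -Force `
              -Attributes 'Encrypted+!Directory' -ErrorAction SilentlyContinue)

foreach ($f in $files) {
    $relative = $f.FullName.Substring($root.Length)
    $target   = Join-Path $Destination $relative
    try {
        [void][System.IO.Directory]::CreateDirectory([System.IO.Path]::GetDirectoryName($target))
        Copy-Item -LiteralPath $f.FullName -Destination $target -Force -ErrorAction Stop

        # On an NTFS target the copy keeps the EFS flag; clear it so the
        # backup no longer depends on this installation's certificate.
        $copy = Get-Item -LiteralPath $target -Force
        if ($copy.Attributes -band [System.IO.FileAttributes]::Encrypted) {
            [System.IO.File]::Decrypt($target)
        }
    }
    catch {
        # Typically "Access is denied": the key for this file is not in the profile.
        $failed.Add($f.FullName)
    }
}

'{0} EFS files found, {1} could not be copied or decrypted' -f $files.Count, $failed.Count
$failed | Set-Content -LiteralPath (Join-Path $Destination 'efs-failed.txt')
```

The originals on the old disk are left untouched; `efs-failed.txt` lists the files whose key was not available to the logged-in user.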
0

My question is if I get a new computer, can I just plug the hard drive in SATA as a secondary drive and access my files? It is locked by password and some files have EFS.

If you had the foresight to export the certificate used to encrypt your files, this would be possible. If you did not follow the prompts to create a backup of that certificate, you would be unable to decrypt the files. If you had used BitLocker instead, you would be able to access your files (on another Windows machine) since you would have only required the passphrase to mount the drive. macOS has zero support for BitLocker protected volumes. It also does not support Windows EFS. Unless something has changed, it also does not natively support NTFS without third-party software.

If not, what other options do I have?

The only possible solution would be to image the drive and restore the image of the drive using third-party software that supports restoring the image to dissimilar hardware. This is sometimes referred to as "Universal Restore". The basic idea would be that you would restore the same installation you were using to log into the same installation. This avoids the need to export the certificate, although if you go this route, you should accomplish that task or disable EFS on the copy of the disk. You are copying the original HDD to a new HDD, so you don't modify the original HDD. macOS has zero support for EFS on Windows.

Can I use it as an external drive? I don't have the certificates backed up, not even sure if they're on the computer; I can just right click and unlock the files usually.

You could use the HDD as an external drive, but I wouldn't recommend it. The certificate is most certainly on the drive; otherwise, you wouldn't have been able to access the files that were encrypted on it. Using an NTFS drive as an external drive on macOS will present problems.

I only have access to a MacBook Pro for now, I would like to backup all that data and also access it.

This will present a huge issue. macOS does not natively support NTFS, and thus the only workaround that is feasible cannot be done on the MacBook. My suggestion about creating an image of the HDD, restoring that HDD to a different HDD, all presumes that the installation will actually boot. If the original HDD would not have booted on the original machine, then there is no realistic way to decrypt the data. If you had exported the certificate used to encrypt the data, you would have additional options.
