# Post 8 to 8.1 Upgrade - EFS Encrypted folders Access Denied



## MNGuy248 (Nov 16, 2013)

This Windows 8.1 upgrade was titled an 'Upgrade' - I assumed it would be like a Service Pack or such - maintaining original OS settings - WRONG.
*All of my previously Windows EFS encrypted folders and files *(showing green per show encrypted folders green checkbox in Explorer) *now show 'Access Denied' in any attempt to open them.*

Years ago I upgraded from Windows 7 to Windows 8 Pro, and added Media edition.
*The 8.1 Upgrade announcement came out - and I downloaded the upgrade direct from Microsoft, and running it directly on Windows 8.0 Pro Media edition.*

When I upgraded from 7 to 8 - I used a new SSD, and used File and Settings transfer to a clean Windows 8. I learned then, that the Windows EFS encrypted partitions (photos, bank statements, tax records, etc) were unavailable due to change in OS... So - reconnected old drive, booted, disabled encryption on these folders on other drives - reconnect and reboot and re-encrypted them in Windows 8.0. My biggest mistake this time was not backing up my Windows 8.0 certificates, and/or not removing encryption before the upgrade. 

*What I did*: Windows 8.1 requested after upgrade my Microsoft Email address, and then a password to register itself with - I entered such... I never used this method before - thought it unnecessary, so after hunting for a while - found Local login and strangely was prompted for username and a new password. 
* Conclusion: 8.1 installed - replacing 8.0 completely - it retained my documents, and such - but it created its own NEW EFS Certificate* for authorized access to those type folders -* replacing the older one, rendering access to previously encrypted files and folders impossible.*
NONE of the Microsoft support representatives even looked at the EFS certificates - till the last one on Nov 16th who I showed the details too.

Right-clicking, Advanced, Details on a file shows the original certificate name from 2006. That certificate value shows in the certificate manager, but there is a different GUID on the one stating EFS Encryption type.

Does anyone have an idea how to find somewhere on my system my old certificate and reinstall that - or remove 8.1 and go back? This SSD install on a 120GB drive with 6GB free - so there does not appear to be a backup hidden folder as some internet searches suggest.

Thanks for any help!
Todd


---MS Support history on this issue---
I contacted Microsoft - here is my history, so you know I have tried - latest to oldest:

2013-16-11: Called me 1 hour after range agreed to call. - to tell me in discussions with Level 3 technicians - all they could advise was to take my system to a 'local technician'.
I asked to speak with a Manager, and was told one would contact me within 20 minutes - yet, no call back - now, 6 hours later.

2013-13-11: Called, connected remotely, they viewed permissions on files and folders, attempted to change ownership on them, time on: 2+ hours, type typed: about 10 minutes. Fed up with no progress - I insisted on showing him what I found - and showed him how the certificate GUID on one of the files in an encrypted partition is different than that showing in MS certificate manager. He said he would discuss this and call me back. An hour later he called and made another appointment for Nov 16.

2013-11-01: Received an email from Microsoft requesting I complete a survey on my support experience - implying it was solved it seems...
2013-26-10: Called, connected remotely, they viewed permissions on files and folders, attempted to change ownership on them, time on: 2+ hours, type typed: about 10 minutes. Told by rep that Microsoft would attempt to simulate the configuration and problem, find a solution and contact me when the steps to solve - never called...

2013-10-24: Called MS Support phone again - explained this should be covered as it is a 'new' upgrade to 8.1, and mentioned I was hung up on waiting on Legacy support, got an apology and she said I am covered, and put in touch with a Level 1 guy who connected remotely - and attempted to change permissions on folders - trying to set 'Everyone' with read permissions on EFS folders... failed. Told after hours of connection and minutes worked he would have a Level 2 person contact me, appointment set for Oct. 26th.

2013-10-17: Called MS Support and told 'because I had Windows 8.0 - that this problem is not supported and I would have to speak with a Legacy support person - she then put me on hold...
Start.... Disconnected after 2 1/2 hours on hold - when MS closed...

Each MS Support incident lasted between 1 1/2 to 2 1/2 hours. Total time during the remote connection they tried anything: less than 10 minutes total each time.
Conclusion: MS support, likely out of the country is paid by 'connection time' - as no progress at all was achieved with their help - and now they abandoned this issue.


----------

