A corporate user's Windows 7 Enterprise HD crashed. Multiple PSTs were saved in an encrypted folder. A data recovery service was able to recover virtually all the data and provide it on a USB stick; however, the PSTs no longer think they're encrypted. They are not displayed in green, and do not have the Encrypt checkbox checked. They obviously were not decrypted by the service, but I need help in figuring out how to gain access to these files. If necessary, I have the contents of the Crypto and Protect folders.
EFS encryption is very dangerous. If the original Windows user account under which the EFS encryption was created is gone, there is no way to recover the encrypted files. BitLocker is a lot safer in this sense. Anyway, I don't think there is a way to recover these PST files. I mean, to decrypt them to a usable state.
That's not completely true - what is the case is that, as with any encryption, you have to responsibly manage passwords, keys, headers, certificates recovery etc., otherwise you can indeed be locked out. That clearly includes managing user accounts and the retirement process (which would normally include making the account inactive). And you can have non-AD accounts on different machines with the same EFS certificate and able to read the same file. In the case of EFS it nags you to do the right thing regarding certificate management, and there is extensive advice on best practice in the corporate/enterprise space that the sysadmin "should" have fixed up for the end user - EFS has the advantage of being pretty much invisible for the user like that. That said, I personally do not attempt to manage EFS certificates this way; it's a purely local arrangement for the account, and I don't really care if the local disk fails, because my backup is not tied to EFS. I confess I don't understand the OP to the extent that, provided the above applies and the user's EFS certificate is available, then it should be possible to decrypt the PST files as far as EFS is concerned - if the service decrypted other EFS files, then it would do the exact same thing to the PSTs, nothing special about them (we're not talking about Exchange here, I assume). Of course, the user might have applied separate encryption on the PST files, but that's a different matter.
Part of the problem is that Windows no longer recognizes these files as encrypted. I don't know if that means that the encryption 'flag' got stripped off during the recovery (the files could not have been decrypted), or if something else is missing from the equation.
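The two open questions in this thread (whether the recovered files still carry the EFS attribute, and whether an EFS certificate with its private key is present in the profile) can be checked with a short PowerShell script. This is an added example, not part of any post above; `E:\Recovered` is a placeholder path, and the header test relies on the documented PST signature `!BDN`.

```powershell
# Added diagnostic example. $RecoveredPath is a placeholder for the folder
# holding the recovered PSTs; run it as the user who should own the files.
param([string]$RecoveredPath = 'E:\Recovered')

$efsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

# 1. File system of the volume holding the recovered copies.
$root  = [System.IO.Path]::GetPathRoot((Resolve-Path $RecoveredPath).Path)
$drive = New-Object System.IO.DriveInfo $root
"Volume {0} is formatted as {1}" -f $root, $drive.DriveFormat

# 2. Per file: is the Encrypted attribute set, and do the first four bytes
#    match the PST signature "!BDN" (i.e. is the content a readable PST)?
Get-ChildItem -Path $RecoveredPath -Filter *.pst -Recurse | ForEach-Object {
    $flag   = ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0
    $header = 'unreadable'
    try {
        $fs  = [System.IO.File]::OpenRead($_.FullName)
        $buf = New-Object byte[] 4
        $n   = $fs.Read($buf, 0, 4)
        $fs.Close()
        if ($n -eq 4 -and [System.Text.Encoding]::ASCII.GetString($buf) -eq '!BDN') {
            $header = 'PST signature present'
        } else {
            $header = 'no PST signature'
        }
    } catch {
        # Files with the EFS attribute fail here if no matching key is loaded.
        $header = 'open failed: ' + $_.Exception.Message
    }
    New-Object PSObject -Property @{
        File = $_.FullName; EfsAttribute = $flag; Header = $header
    }
} | Format-Table File, EfsAttribute, Header -AutoSize

# 3. EFS-capable certificates in the current user's store, and whether the
#    private key (needed for decryption) is available.
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.Extensions | Where-Object {
        $_ -is $ekuType -and
        ($_.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsOid })
    }
} | Format-Table Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize
```

A file that reports `EfsAttribute = False` together with `no PST signature` is not a readable PST in its recovered form, which matches the symptom described in the original question.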