Re: EFS Data Recovery not working as expected



Thank you for your reply. Believe me when I tell you that I have read all
Microsoft and most non-Microsoft articles on EFS. I have googled "EFS" and
read at least 2 pages worth of searches; nothing explaining the problem I am
having. Probably something trivial, but I cannot figure it out. Essentially, I
have a CA set up as an enterprise CA issuing certificates to users
automatically. A group policy was created with group filtering for specific
machines that we want EFS to be used on regardless of who logs in. A test
user logs in, they get a certificate from CA and DRA listed as agent able to
recover data, NOT domain administrator (Microsoft best practice). The
thumbprint for the DRA on the encrypted file matches the thumbprint of the
DRA's file recovery certificate on the certificate server. I log into the CA as
the DRA and export the private key into pfx format. I log into the machine
that I want to recover data for as the DRA, import the private key, try to
decrypt data, access denied. I'm stumped and Microsoft's explanation of using
a DRA is somewhat lacking when it comes to a domain setup.

"GreenieLeBrun" wrote:



Leo Cruz wrote:
I've recently set up EFS for an enterprise network and everything is
working great, except decryption. I've created a custom group policy,
set up an enterprise CA, and everything seems to be working well.
When I attempt to recover data as the DRA, I'm getting access denied
and cannot figure out the cause. If this is the correct forum to post
this in, let me know and I'll go through an exhaustive explanation of
the setup. If this is not the correct forum, please let me know where
I should post this. Thanks.

I don't use EFS but you may find some help in the attached links :-

The Encrypting File System
http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx

Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316/en-us

How to back up the recovery agent Encrypting File System (EFS) private key
in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/kb/241201

How To Encrypt a Folder in Windows XP
http://support.microsoft.com/?id=308989

How To Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993

How To Encrypt a File in Windows XP
http://support.microsoft.com/?id=307877

HOW TO: Share Access to an Encrypted File in Windows XP
http://support.microsoft.com/?id=308991

Advanced EFS Data recovery
http://www.crackpassword.com/products/prs/mswin/efs/


