Re: Recovery Agent cannot recover encrypted files



Richard R wrote:
1. Created user efs_recovery and added to administrators group
2. Logged in as user and ran cipher /r:cert.pfx
3. In "Local Security Policy" went to the "public key Policies/EFS" section and ran the "Add data recovery Agent" wizard. Added the cert I created using the cipher command, which added the efs_recovery user as a recovery agent.

Anyone got any ideas on this? I'm kind of drawing a blank.

cipher /r creates two files: .pfx and .cer

Only the pfx-file contains the private key to decrypt data. So make sure this is the one you import in step 3.
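
A check that follows from the reply above, as an added example that is not part of the original post: run in PowerShell while logged on as the recovery agent account (efs_recovery in the thread), it lists the File Recovery certificates in that user's personal store and reports whether each one carries its private key. It assumes the certificate was imported into the current user's personal store; the variable names are illustrative.

```powershell
# Added example: run as the recovery agent account.
# OID of the "File Recovery" enhanced key usage carried by EFS recovery agent certificates.
$fileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'

# Collect certificates in the current user's personal store that have the File Recovery EKU.
$agentCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        Where-Object { $_.Value -eq $fileRecoveryOid }
})

if ($agentCerts.Count -eq 0) {
    Write-Warning 'No File Recovery certificate found in this user''s personal store.'
}

foreach ($cert in $agentCerts) {
    # HasPrivateKey is False when only the public certificate (.cer) is present.
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
    } | Format-List

    if (-not $cert.HasPrivateKey) {
        Write-Warning "Certificate $($cert.Thumbprint) has no private key here; this account cannot decrypt with it."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
    }
}
```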


