EFS & Recovery Agents

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Rob Lowe <RobLowe@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Mar 2009 13:38:01 -0700

I'm implementing EFS on a Windows Server 2008 standalone server using
self-signed certificates.

In doing my research, I found that Recovery Agents can decrypt encrypted
files and folders. During my lab work, I found that Recovery Agents can also
open encrypted files even if they are not explicitly listed as a user that
can decrypt the file.

I was under the impression that a Recovery Agent could only decrypt a file.
Is this:

1. a misunderstanding on my part?
2. something that has changed as Windows has evolved?
3. improperly configured in my lab?
.

Prev by Date: Re: Which Dynamic Volume Keeps a Drive Letter
Next by Date: Help- file directory bugged?
Previous by thread: Repeating folder - can't delete - path too long
Next by thread: Help- file directory bugged?
Index(es):
- Date
- Thread

Relevant Pages

Re: I Need Help In Decrypting Files
... Restore the original profile in Windows Server 2003 that decrypted the ... "Malek Ma'ani" wrote in message ... > what is the way to access my file and decrypt them again! ...
(microsoft.public.windowsxp.security_admin)
EFS Recovery Agent
... I am having a problem trying to decrypt information using a Recovery Agent. ... I have setup EFS using a GPO for the domain. ... accounts to be Recovery Agents for the domain, all of which are part of the ... When I use efsinfo /u /r on an encrypted file, ...
(microsoft.public.win2000.security)
Re: Multiple Data Recovery Agents in EFS for Win2000
... recovery agents can only be configured on local machine. ... be decrypted by the recovery agents shown by efsinfo. ... > delliot, delliot2, and administrator. ... > Users who can decrypt: ...
(microsoft.public.win2000.security)
Re: Decrypting an encrypted file
... The Recovery Agent needs to be designated in advance. ... You need your key to decrypt the data. ... > create keys, add Recovery Agents etc. and throw the file away? ...
(microsoft.public.windowsxp.security_admin)
I Was Able To Take Ownership But Not Able To Decrypt !
... I Was Able To Take The Ownership But i still cant decrypt ... My Best Regards, ... Malek Al-Ma'ani ... >Restore the original profile in Windows Server 2003 that ...
(microsoft.public.windowsxp.security_admin)