Re: EFS Certs in AD or local PC?

When we provision a new computer we require all users to backup their certs
over admin supervision so we can get the backups to archives. The only
problem with that is for non-server related backups to be pulled from our
off-site location it takes them 3-5 days to locate it. The user is on
vacation until Wednesday, I didn't want them to have to wait until Thursday
or Friday next week but it seems that they have no choice.

Thanks for the info. It will come in handy in the future!

"Steve" wrote:

While there are ways to archive EFS certificate/private keys, I believe that
requires W2003 Enterprise, and in your case his certificate/private key was
on the local computer. See if he possibly exported it for backup at some
point in time to see if he can import it back into his computer via a .pxf
file. If the domain security policy has a Recovery Agent configured then the
RA [usually built in domain administrator account] could logon to a computer
that contains the RA EFS certificate/private key [usually the domain
controller] and deccrypt the files. Note that ANY EFS certificate used to
attempt to decrypt files MUST also have the matching private key - a .cer
file does NOT. Though he/you may not be able to access the files right now
you can view the advanced properties/detains of them to see if a RA is
included as user that can decrypt.

Steve


"Quilnux" <Quilnux@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:95785FD5-839E-4A23-B4C9-974A3E6884B2@xxxxxxxxxxxxxxxx
Hello,

We have a user which was using a desktop with an EFS folder. Recently the
OS
drive failed and we had to reload the system from a new HDD. The EFS
folder
is on a secondary drive which is ok but I need to know if he will be able
to
access the folder when he logs in next wednesday from his account in AD or
if
I need to get his EFS cert from archives. It takes archives a week to get
us
the disks we need so if it is saved in his AD account I may not need to
contact them.

Thanks,
Quilnux



.

Relevant Pages

  • EFS file recovery without the exported cert
    ... I use efs on a few folders that resides on a w2k ... I there a way to recover my certs and my EFS files? ... Please don't tell me that I need to backup my certs after applying efs ...
    (microsoft.public.win2000.security)
  • Re: How to clean install XP Home with Acronis True image 11
    ... The acronis help file is ... Primary - if you are going to restore a system partition, ... backup towards the internal secondary D drive, that's why I said the D ... were storing the backup files (archives) on the internal HDD that you were ...
    (microsoft.public.windowsxp.general)
  • Re: Backup media; comments would be appreciated.
    ... there are no adequate backup tools for Linux ... >> that automate the process adequarely. ... >tape before it fills completely. ... the added use of PAR files to insure recovery of damaged archives. ...
    (comp.os.linux.security)
  • Re: Non system disk - press any key
    ... Acronis True Image Home 11 program to create disk images for backup purposes ... This incremental backup process proceeds considerably faster than ... Proceed through the screens as you did in creating the initial backup ... files (archives) are listed, then click on the last incremental backup file ...
    (microsoft.public.windowsxp.general)
  • Re: DAR differential backup
    ... >> Say you want to make a first full backup of your system. ... Dar keeps track of the secondary chunk numbers for you, ... >though I don't see where DAR gets information about previous archives. ... delete all of your previous differentials, and remake a brand new first ...
    (alt.os.linux.suse)