Re: EFS and recovery agents after migrating to Active Directory

From: xyz (sb@xyz.com)
Date: 03/19/02 

From: "xyz" <sb@xyz.com>
Date: Tue, 19 Mar 2002 09:55:57 -0600

yes. that worked. Thanks.

"Jonathan" <jonsteph283@hotmail.com> wrote in message
news:tWrl8.2727$Zg4.185580@typhoon.southeast.rr.com...
> The DRA's key will probably be on the first domain controller in the
domain.
> They recovery certificate and private key are generated the first time the
> Administrator logs on, and since this usually occurs on the first DC
> promoted, the key is likely to be there, assuming that the profile has not
> been overwritten.
>
> I suggest that you locate the key and export it in order to keep it safe.
>
> -- Jonathan
> "company" <sbalaji@dontspam.bindview.com> wrote in message
> news:06571956CED61605.341E18931DC28169.38E1FEC715321C34@lp.airnews.net...
> > I had some files encrypted on a W2K machine that was part of a NT4.0
> domain
> > structure. The account used to encrypt was a domain user account that
has
> > local admin
> > priveleges. Recently I migrated that account to a AD domain and a new
> > account was
> > created. When I log back in to the box with the old account, I was not
> able
> > to
> > decrypt the file. The private key portion of the certificate is not
found
> > and only the
> > certificate is there. EFSINFO /R /U /C lists the recovery agent as the
> > Active directory domain
> > admin with a thumbprint. But if the AD domain admin logs in to the box
and
> > tried it still gives
> > access denied. Next we tried the recovery steps as highlighted by
support
> > articles and here
> > and it still is not working.
> >
> > My question is where do I find the DRA's private key (on which box) and
> how
> > do I find one that matches the thumbprint of this DRA (as reported by
> > EFSINFO cmd)?
> >
> > Thanks in Advance
> > /s
> >
> >
> >
> >
>
>

Relevant Pages

  • Re: Passing password in ssh
    ... the scenario I described actually happened years ago to someone I ... If I create keys without a passphrase, and share the public keys between ... You do know that you first have to get the private key of the key ... But simply cracking into a user's account who has access to several ...
    (Fedora)
  • Re: public key authentication
    ... In general a private key is another instance ... using only a software container ... ... account fraud that has been in the press ... ... the multitude of business processes (other than transaction ...
    (comp.security.ssh)
  • Re: EFS and recovery agents after migrating to Active Directory
    ... They recovery certificate and private key are generated the first time the ... The account used to encrypt was a domain user account that has ... > admin with a thumbprint. ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: EFS encrypt files: Changed PW now cant access... :-(
    ... Assuming the EFS certificate AND private key are in the user's profile you ... need to change the user account password back to what it was before they ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Can a Windows service find a certificate ?
    ... If you wish to use a certificate and its corresponding private key you will ... the service account). ... Or beter: Which user can install ...
    (microsoft.public.platformsdk.security)
Quantcast