Re: NTFS encryption problem

From: DevilsPGD (spammelikeiwanttobespammed@crazyhat.net)
Date: 10/27/02


From: DevilsPGD <spammelikeiwanttobespammed@crazyhat.net>
Date: Sun, 27 Oct 2002 21:17:15 GMT


In message <<OWvdxoafCHA.2592@tkmsftngp09>> "Karl Levinson [x y] MVP"
<jamescagney90210@excite.com> did ramble:

>In AD, the domain Administrator account is the default EFS recovery agent.
>Try logging in as domain admin and following the instructions for doing EFS
>recovery. And back up your encryption keys ASAP, because without them, your
>files are out of luck. Information on how to do both of these is available
>by searching either this newsgroup for "EFS" or www.microsoft.com/support
>for "EFS recovery"

One more thing I tried, I was able to get into lockup this morning to
get my W2K resource kit, and I ran EFSINFO.EXE and got the following
output:

  Users who can decrypt:
    NTDOMAIN\devilspgd (OU=EFS File Encryption Certificate, L=EFS,
CN=DevilsPGD)

  Recovery Agents:
    Unknown (OU=EFS File Encryption Certificate, L=EFS,
CN=Administrator)

I am logged on as NTDOMAIN\devilspgd right now, so shouldn't that give
me rights to decrypt? -- Failing that, should I try
NTDOMAIN\Administrator?

-- 
Whenever I feel blue, I start breathing again.


Relevant Pages

  • Re: Restoring Encrypted Files
    ... domain administrator account as the EFS recovery agent? ... > encryption attribute on these files. ...
    (microsoft.public.win2000.security)
  • Re: Restoring Encrypted Files
    ... > domain administrator account as the EFS recovery agent? ... >> Kevin McGowan ... >> Computer Abilities ...
    (microsoft.public.win2000.security)
  • Re: NTFS encryption problem
    ... > I've run into a minor problem with NTFS encryption. ... > the same (active directory based) user account as I used on the previous ... the domain Administrator account is the default EFS recovery agent. ...
    (microsoft.public.security)
  • Re: adding EFS Recovery agents
    ... I'm on a Win2K platform. ... You can export that certificate to a .PFX (including the ... > EFS recovery agent key and certificate. ...
    (microsoft.public.win2000.security)
  • Re: gesperrter Account empfängt keine Emails mehr
    ... Dafür hast Du einen EFS Recovery Agent in Deiner Domäne. ... > keine Emails annehmen. ...
    (microsoft.public.de.exchange)