Re: Cant create keypair for EFS DRA
From: Brian Komar (bkomar@komarconsulting.com)
Date: 08/14/02
- In reply to: Shawn Lukaschuk: "Cant create keypair for EFS DRA"
From: Brian Komar <bkomar@komarconsulting.com> Date: Tue, 13 Aug 2002 21:34:47 -0500
In article <09d201c2418c$1c8fd3d0$a5e62ecf@tkmsftngxa07>, junkmail2@lukaschuk.com says...
>
> This server does not have Certificate Server installed
> but I didn't think that's a requirement. EFS encryption
> certificates are generated OK and EFS is functioning. I
> just can't generate key pair to define recovery agents.
>
>
You will have to install an Enterprise CA on the network that will issue
the EFS Recovery Agent certificates. Change the permissions on the
certificate template to allow the desired user account Read and Enroll
permissions.
If you have Windows XP clients on the network, you can use the cipher
command to generate a new EFS recovery agent certificate by running
CIPHER /R.
This command generates an EFS recovery agent key and certificate, then
writes them to a .PFX file (containing certificate and private key) and
a .CER file (containing only the certificate).
You can then add the .CER file to the EFS recovery policy for the domain
by importing the certificate from a file. For recovery, you can import
the PFX file into any user account that is performing the EFS recovery.
For more information on EFS and EFS recovery, please see:
http://www.microsoft.com/windowsxp/pro/techinfo/administration/recovery/
HTH,
Brian
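The CIPHER /R procedure described in the message above, as an added PowerShell example that is not part of the original post: it generates the recovery agent key pair, then checks that the .CER carries the File Recovery usage and no private key before it goes into the recovery policy. The base name `efs-dra` and the `%TEMP%` working location are assumptions.

```powershell
# Added example, not from the original post. Base name and location are assumptions.
$ErrorActionPreference = 'Stop'
$base = Join-Path $env:TEMP 'efs-dra'

# cipher /r prompts for a password that protects the .PFX, then writes
#   efs-dra.PFX  (certificate + private key)  -> used only when recovering files
#   efs-dra.CER  (certificate only)           -> imported into the EFS recovery policy
cipher.exe "/r:$base"
if ($LASTEXITCODE -ne 0) { throw "cipher /r failed with exit code $LASTEXITCODE" }

$x509 = 'System.Security.Cryptography.X509Certificates'
$cer  = New-Object "$x509.X509Certificate2" "$base.CER"

# Enhanced Key Usage OID for "File Recovery"; a certificate without it
# will not act as a data recovery agent.
$fileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'
$eku = $cer.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$hasRecoveryEku = [bool]($eku -and
    ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $fileRecoveryOid }))

$report = [pscustomobject]@{
    Subject         = $cer.Subject
    Thumbprint      = $cer.Thumbprint          # record this to match against the policy later
    NotAfter        = $cer.NotAfter
    HasRecoveryEku  = $hasRecoveryEku
    CerHasPrivKey   = $cer.HasPrivateKey       # must be False for the file that is distributed
    PfxPath         = "$base.PFX"
}
$report | Format-List

if (-not $hasRecoveryEku)        { throw 'Certificate lacks the File Recovery EKU.' }
if ($cer.HasPrivateKey)          { throw '.CER unexpectedly has an associated private key.' }
if ($cer.NotAfter -lt (Get-Date)) { throw 'Recovery certificate is already expired.' }

# The .PFX is the only copy of the recovery private key. Move it to offline
# media and remove it from this machine; import it into a user account only
# for the duration of an actual recovery.
Write-Warning "Move $($report.PfxPath) to offline storage and delete the local copy."
```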