Re: EFS Recovery Agent

From: Steven Bellamy (nospam_at_nospam.com)
Date: 02/23/04


Date: Mon, 23 Feb 2004 08:28:11 -0000

Hi,

Thanks for all the feedback, guys.
I managed to resolve the problem.
I was encrypting the files on a WinXP SP1 workstation, and trying to decrypt
on our W2K Adv Server.
The following KB article helped resolve the problem: by setting XP to
encrypt data using the DESX algorithm (instead of the default AES_256
algorithm, which is understood by XP SP1 or later), I was able to remove the
encryption on the encrypted files using an RA.
 http://support.microsoft.com/default.aspx?scid=kb;en-us;329741

Thanks once again!

"Steven Bellamy" <nospam@nospam.com> wrote in message
news:el%23eTt89DHA.4080@tk2msftngp13.phx.gbl...
> Hi,
>
> I am having a problem trying to decrypt information using a Recovery Agent.
>
> We're running a W2K Adv Server SP3 in mixed mode.
>
> I have set up EFS using a GPO for the domain. I have specified 3 user
> accounts to be Recovery Agents for the domain, all of which are part of the
> admin group.
> I used the Wizard to add or create the RAs; I did not import any
> certificates.
>
> When I use efsinfo /u /r on an encrypted file, I get the following info.
>
> test.txt: Encrypted
> Users who can decrypt:
> ABCDOMAIN\user (user(user@abcdomain.com))
> Recovery Agents:
> Unknown (RA1(ra1@abcdomain.com))
> Unknown (RA2(ra2@abcdomain.com))
> Unknown (RA3(ra3@abcdomain.com))
>
> Does anyone know why the RAs have a domain of Unknown?
> Is this possibly why I can't decrypt a file on a PC that has a recovery
> agent certificate installed?
>
> Thanks for your help!
>
>


