Re: EFS Recovery Agent
From: Steven Bellamy (nospam_at_nospam.com)
Date: Mon, 23 Feb 2004 08:28:11 -0000
Thanks for all the feed back guys.
I managed to resolve the problem.
I was encrypting the files on a WinXP SP1 workstation, and trying to decrypt
on our W2K Adv Server.
The following KB Article helped resolve the problem, by setting XP to
encrypt data using the DESX algorithm (instead of the default AES_256
Algorithm which is understood by XP SP1 or later) I was able to remove the
encryption on the encrypted files using a RA.
Thanks once again!
"Steven Bellamy" <email@example.com> wrote in message
> I am having a problem trying to decrypt information using a Recovery
> We're running a W2K Adv Server SP3 in mixed mode.
> I have setup EFS using a GPO for the domain. I have specified 3 user
> accounts to be Recovery Agents for the domain, all of which are part of
> admin group.
> I used the Wizard to add or create the RA's, I did not import any
> When I use efsinfo /u /r on an encrypted file, I get the following info.
> test.txt: Encrypted
> Users who can decrypt:
> ABCDOMAIN\user (user(firstname.lastname@example.org))
> Recovery Agents:
> Unknown (RA1(email@example.com))
> Unknown (RA2(firstname.lastname@example.org))
> Unknown (RA3(email@example.com))
> Does anyone know why the RA's have a domain of Unknown?
> Is this possibly why I can't decrypt a file on a PC that has a recovery
> agent certificate installed?
> Thanks for your help!