Re: EFS - Recovery agent

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/29/05


Date: Tue, 29 Mar 2005 00:39:56 -0700

If you do have XP Pro, then defining a DRA is advised, as are
other loss preventatives such as making a password reset disk
and exporting and preserving the EFS cert/key (both actions for
any account that uses EFS). See
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"barabba" <barabba72@hotmail.com> wrote in message
news:8ec33ba5.0503280801.4f9254d8@posting.google.com...
> Thank you very much for your answer. I should have read better along the
> lines ;-)
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:<e0RxE#yMFHA.2580@TK2MSFTNGP09.phx.gbl>...
> > That info you quote is so for Windows 2000.
> > In Windows XP there is no default recovery agent for
> > a stand alone system.
> > You have not mentioned your version of Windows Pro.
> >
> > Also, the account must have NTFS permissions on the
> > file to be able to decrypt it.
> >
> > -- 
> > Roger Abell
> > Microsoft MVP (Windows  Security)
> > MCSE (W2k3,W2k,Nt4)  MCDBA
> > "barabba" <barabba72@hotmail.com> wrote in message
> > news:8ec33ba5.0503271514.1fa0dd3a@posting.google.com...
> > > Hello all,
> > >
> > > Microsoft says, in its Windows 2000 Resource Kit, what follows:
> > >
> > > QUOTE
> > > =====
> > > By default, the recovery agent account is the highest-level
> > > Administrator account. On a stand-alone computer, this is the local
> > > Administrator.
> > > END QUOTE
> > > =========
> > >
> > > I encrypted a file in a Windows Pro standalone using a regular user.
> > > Then I logged on as local administrator but was denied access to the file.
> > > So why can't the local admin decrypt the file? Shouldn't it be
> > > granted such right by default?
> > >
> > > Thank you for your time. I'm a bit confused about this.
> > >
> > > Bar

