Re: Domain EFS Recovery Agent

From: Charles Blair (charles_blair_at_hotmail.com)
Date: 09/22/05

    Date: Thu, 22 Sep 2005 07:20:50 -0700
    
    

    Worked great!!!

    Thanks for the help Brian

    Charles

    "Brian Komar [MVP]" <bkomar@nospam.identit.ca> wrote in message
    news:MPG.1d9a54606d4d13779896a8@msnews.microsoft.com...
    > In article <uBBZxRjvFHA.3932@TK2MSFTNGP15.phx.gbl>,
    > charles_blair@hotmail.com says...
    > > I have the unfortunate privilege to be placed in a situation where the
    > > first DC within a domain has been removed before the EFS recovery agent
    > > certificate was exported.
    > >
    > > There are no backups of the original DC.
    > >
    > > Fortunately, EFS was not used in the domain, so there is no data loss, but
    > > I do want to get the domain EFS recovery agent working again.
    > >
    > > The only lead I have found is in the following link and I just want to
    > > validate if the procedure will work in a Windows 2003 domain.
    > >
    > >
    > > http://groups.google.com/group/microsoft.public.win2000.security/browse_thread/thread/3b0de0ea8c694253/bc975e764e0fbc04?lnk=st&q=Reinitialize+the+EDRP&rnum=1&hl=en#bc975e764e0fbc04
    > >
    > > TIA
    > >
    > > Charles
    > >
    > >
    > >
    > You can simply run cipher /R:filename at a Windows XP or Windows Server
    > 2003 computer, and then import the filename.CER file into the EFS
    > Recovery Agent GPO, and protect the filename.pfx file for any recovery
    > attempts.
    >
    > Alternatively, deploy a PKI and request an EFS Recovery Agent
    > certificate. Again, import the certificate into the EFS Recovery Agent
    > GPO (at the domain is best), and then export the certificate as a
    > PKCS #12 file (.pfx) and protect it.
    >
    > Brian
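
The first option in the quoted reply, written out as an added PowerShell example (not part of the thread): it runs `cipher /R`, checks that the resulting .CER really is a File Recovery certificate before it goes into the GPO, and restricts access to the .PFX. The path `C:\DRA\EfsDra` and the ACL choice are assumptions made for illustration.

```powershell
# Added example, not from the thread. C:\DRA\EfsDra is an assumed location.
$base            = 'C:\DRA\EfsDra'            # cipher appends .CER and .PFX
$fileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1' # File Recovery enhanced key usage

New-Item -ItemType Directory -Path (Split-Path $base) -Force | Out-Null

# Creates a self-signed recovery certificate and key pair.
# cipher prompts interactively for the password that protects the .PFX.
cipher "/R:$base"

$cerPath = "$base.cer"
$pfxPath = "$base.pfx"
if (-not (Test-Path $cerPath) -or -not (Test-Path $pfxPath)) {
    throw "cipher /R did not produce $cerPath and $pfxPath"
}

# Load the public certificate and collect its enhanced key usage OIDs.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
$ekus = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value }

# A certificate without the File Recovery EKU must not be imported as a recovery agent.
if ($ekus -notcontains $fileRecoveryOid) {
    throw "Certificate $($cert.Thumbprint) lacks the File Recovery EKU"
}

# Record these values: the thumbprint is what to compare against the certificate
# shown in the EFS Recovery Agent GPO, and NotAfter is when it must be renewed.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    CerFile    = $cerPath
    PfxFile    = $pfxPath
}

# The .PFX holds the recovery private key. Drop inherited ACEs and leave
# read access only for the account running this script.
icacls $pfxPath /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(R)" | Out-Null
```

Only the .CER is imported into the GPO; the .PFX stays protected and is brought out only for a recovery attempt.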

