Re: EFS recovery agent
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 16 Jan 2007 21:18:59 -0600
If one is not specified at the domain level then the local administrator
will automatically be RA when you encrypt a file on Windows 2000 assuming
domain policy allows EFS use. If an RA is specified at the domain level then
you will not be able to specify one in Local Security Policy that will work.
FYI in Windows 2000 using the local administrator as a RA can be a security
risk because if a malicious user can access your computer he can use a
utility to change the built in administrator password and then logon as the
built in administrator to access any EFS files on the computer unless the RA
private key had been exported/deleted.
Steve
"vashi" <vashi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:798028BF-3058-4ED8-BA70-3E863E1101B1@xxxxxxxxxxxxxxxx
My laptop is part of domain. Can I specify the local administrator be the
data recovery agent for my EFS ?
if yes, how to set it ?
if yes, does that mean while travelling I can login as local admin as
access
the EFS files encrypted while I was on my office LAN logged in with my
domain
ID
.
- Prev by Date: Re: Password Complexity
- Next by Date: Re: Administrative rights on specified domain controller
- Previous by thread: Re: Read security policy
- Next by thread: Re: Anti games
- Index(es):
Relevant Pages
|
