Re: EFS (Encrypting File System) - Unable to define Recovery Agent

From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 02/27/03


From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Thu, 27 Feb 2003 00:17:10 -0700


"Scott Beattie" <scottbeattie@comcast.net> wrote in message news:uc4YfAX3CHA.1896@TK2MSFTNGP10.phx.gbl...
> I was able to generate the certificate and the private key using the cipher
> /r. I then added the certificate to group policy as indicated. I also ran
> cipher /u so that the one existing encrypted text file would get the new
> recovery agent (administrator) listed as a valid recovery agent for the
> file. The file was encrypted by a user other than the administrator. If I
> log on as administrator with the intent to recover the encrypted file from
> the other user - and then I import the certificate and the private key and
> then attempt to manipulate the encrypted file in any way - I am told "access
> denied". I have even tried backing up the file using the backup utility and
> restoring it as a different file name in a different folder - I still cannot
> access it. What step am I missing to recover this file?

Not sure. The backup/restore and also the use of /u
both seem to rule out an NTFS permission issue.
Did you choose the option to not prompt when the key is used,
when given the choice while importing the pfx? That is the only
choice that works - selecting to be prompted results
in inability to decrypt.
 

-- 
Roger 
> "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> news:#YQFkDW3CHA.2576@TK2MSFTNGP11.phx.gbl...
> That is cipher /r one uses for this
> 
> --
> Roger
> 
> "Peter Clark" <clark@hushmail.com> wrote in message
> news:043401c2dd3c$487b1f80$a101280a@phx.gbl...
> > it's hidden away :-(
> >
> > cmd -> c:\>cipher /?
> >
> > read about the parameter /w
> >
> > create a new encryption key
> >
> > then add group policy for the local machine in mmc
> >
> > goto: console root\local computer policy\computer
> > configuration\windows settings\security settings\public key
> > policies\encrypting file system\
> >
> > right click and add the .cer file you just created.
> >
> > N.B. - I think this is the correct way - it worked for me
> > anyhow, but check first.
> 
> 


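An added check for the situation in this thread, not code from either poster: it imports the DRA pfx the way Roger describes (no "strong private key protection", so no prompt at use time) and then asks cipher /c whether that agent is actually stamped on the file; if not, cipher /u was not run after the policy change. Assumes Windows 8/Server 2012 or later (Import-PfxCertificate and cipher /c), the PKI module, and placeholder paths $PfxPath and $EncryptedFile; the parsing of the cipher /c layout is an assumption.

```powershell
# Added example, not from the original thread. Checks whether an imported
# EFS Data Recovery Agent (DRA) key can recover a given encrypted file.
param(
    [string]$PfxPath       = 'C:\dra\recovery.pfx',      # placeholder path
    [string]$EncryptedFile = 'C:\users\alice\secret.txt'  # placeholder path
)

# Import the DRA private key WITHOUT strong private key protection.
# EFS decrypts silently in the background and cannot answer a password
# prompt, which is why a "prompt on use" key ends in "access denied".
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$dra = Import-PfxCertificate -FilePath $PfxPath `
                             -CertStoreLocation 'Cert:\CurrentUser\My' `
                             -Password $pfxPassword
if (-not $dra.HasPrivateKey) {
    throw "PFX at $PfxPath contains no private key; recovery is impossible."
}
$draThumb = $dra.Thumbprint.ToUpper()
Write-Host "Imported DRA certificate, thumbprint $draThumb"

# Ask EFS which recovery certificates are stamped on the file.
# Assumed layout: a "Recovery Certificates:" section followed by
# "Certificate thumbprint:" lines, thumbprints in space-separated groups.
$info = (cipher.exe /c $EncryptedFile | Out-String)
$recoverySection = ($info -split 'Recovery Certificates:', 2)[1]
if (-not $recoverySection) {
    throw "No recovery certificates listed on $EncryptedFile (cipher /c)."
}
$recoverySection = ($recoverySection -split 'Key Information:', 2)[0]

$listed = [regex]::Matches($recoverySection,
                           'thumbprint:\s*([0-9A-Fa-f][0-9A-Fa-f ]+)') |
          ForEach-Object { ($_.Groups[1].Value -replace '\s', '').ToUpper() }

if ($listed -contains $draThumb) {
    Write-Host "OK: this DRA is stamped on the file; decryption should work."
} else {
    Write-Warning ("This DRA ($draThumb) is NOT on the file. Listed: " +
                   ($listed -join ', ') +
                   ". Re-check the policy, then run 'cipher /u' as the " +
                   "file's owner so the new agent is added to the file.")
}
```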