Re: recovery agent keys/certs
From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 01/15/04
- Next message: Drew Cooper [MSFT]: "Re: Service start order..."
- Previous message: Bob of Dallas: "Hacker accessing my computer from remote access"
- In reply to: Jerry.: "recovery agent keys/certs"
- Next in thread: jerry: "Re: recovery agent keys/certs"
- Reply: jerry: "Re: recovery agent keys/certs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Jan 2004 18:34:21 -0800
Great overview! I'd like to add a couple of points:
- If you want to be especially secure you can run "cipher /w" after you
delete the .pfx file and empty the recycle bin. (Otherwise a raw read of
the volume could find the .pfx.)
- After the new recovery agent is in place in group policy have every user
with encrypted files run "cipher /u". The recovery agent of any given file
is updated when the file is opened. "cipher /u" tries to touch all the
files on the machine, updating any that the user can open.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

"Jerry." <anonymous@discussions.microsoft.com> wrote in message
news:040801c3daff$85e970d0$a501280a@phx.gbl...
> Hi,
>
> Here is a link that should help you out-
> http://www.pcstats.com/articleview.cfm?articleid=1508&page=6
>
> In short,
>
> Creating a recovery agent:
>
> Decide which user you wish to use as a data-recovery
> agent. It is recommended that you use the built
> in 'administrator' account. Login as this account.
>
> Go to 'start\run' and type 'cmd' to bring up the command
> prompt.
>
> Type 'cipher /r:(pick a filename)' to create a digital
> certificate for a recovery agent. You will be prompted to
> set a password. This creates two files in the 'my
> documents' folder of the current user. Be aware that these
> files can be used by anyone to become a data-recovery
> agent, so it is wise to remove them after we are finished
> this procedure.
>
> And by remove them I mean delete the files and empty out
> the "recycle bin." This effectively clears the files from
> the computer, or you can manage the same result by holding
> down the 'shift key' as you delete the selected files.
>
> Go to 'start\run' and type certmgr.msc.
>
> On the 'file to import' page, click 'browse' then change
> the 'files of type' dropdown box to .pfx files
>
> Select the filename you created with the 'cipher /r:'
> command. Type the password.
>
> Check the 'mark this key as exportable' box.
>
> Click 'next.'
>
> Choose the 'Automatically Select The Certificate Store
> Based On The Type Of Certificate' option.
>
> Click 'next,' then 'finish.'
>
> Close the certificates console.
>
> Go to 'start\run' and type 'secpol.msc' to open the local
> security policies.
>
> Navigate to 'Security Settings\Public Key
> Policies\Encrypting File System,' and
> Choose 'Action\Add Data Recovery Agent.' Click 'Next.'
>
> Click 'browse folders.' Open the filename you created
> earlier with the 'cipher' command. Click 'next'
> then 'finish.' The current user is now a data-recovery
> agent and can decrypt any EFS encrypted files on the system
>
> -- Still check out the link as it provides you with screen
> shots ok, - I had troubles getting EFS to work when I
> first started with it ..but believe me once you get it
> working..it's awesome..
>
> best of luck
>
> anonymous
>
> >-----Original Message-----
> >I've attempted to set up a recovery agent. The XP help
> >files talk about the mmc and exporting/importing these
> >certificates/keys, but I can't find any reference to
> >actually creating or obtaining the keys/certificates. I'm the
> >local computer admin and I need to recover an encrypted
> >file... Please tell me how to create the needed certs and keys.
> >Thanks...
> >mgm
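The cleanup and update steps from this thread as a PowerShell script (an added example, not code from either poster). The base file name `dra`, its location and the `C:\` volume are assumptions, and the store check assumes the .pfx was imported into the current user's Personal store.

```powershell
# Added example. Run as the recovery-agent account once the certmgr.msc import
# and the secpol.msc "Add Data Recovery Agent" steps are done.
param(
    # Assumed: the base path given to "cipher /r:" (cipher adds .pfx and .cer).
    [string]$KeyBase  = (Join-Path $env:USERPROFILE 'Documents\dra'),
    # Assumed: the volume that held the .pfx.
    [string]$WipePath = 'C:\',
    # Set this when an ordinary user with encrypted files runs the script.
    [switch]$UpdateUserFiles
)
$ErrorActionPreference = 'Stop'

if ($UpdateUserFiles) {
    # /u /n only lists the user's encrypted files; /u then touches each one
    # so it picks up the recovery agent now set in policy.
    cipher.exe /u /n
    cipher.exe /u
    return
}

$pfx = "$KeyBase.pfx"
$cer = "$KeyBase.cer"

if (Test-Path -LiteralPath $pfx) {
    # Guard: delete the file copy of the private key only after the same
    # certificate, with its private key, is found in the Personal store.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cer
    $imported = Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint -and $_.HasPrivateKey }
    if (-not $imported) {
        throw "No private key for $($cert.Thumbprint) in Cert:\CurrentUser\My; import $pfx first."
    }
    # Remove-Item does not use the Recycle Bin, so there is nothing to empty.
    Remove-Item -LiteralPath $pfx -Force
    Write-Host "Deleted $pfx"
}

# Overwrite unallocated space so a raw read of the volume cannot find the
# deleted .pfx. This can take a long time on a large volume.
cipher.exe "/w:$WipePath"
```

Each user with encrypted files runs it with `-UpdateUserFiles` under their own account, since `cipher /u` only updates files that the calling user can open.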