Re: Data Recovery Agent

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 06/23/04


Date: Wed, 23 Jun 2004 22:54:46 +0200

Thanks,

I am glad I was able to help out,

Mike

"XDA974" <XDA974@discussions.microsoft.com> wrote in message
news:0A3514F4-FB60-4D67-AE0D-816AE9FDE2AD@microsoft.com...
> Mike,
> I must tell you, I took the time to read those tedious links that MVP
> person sent me and as I wrote already tedious, it was painful to go
> through and got next to NOTHING about how it's done. Your directions
> appear to be superior in their guidance and I think you should be the MVP!
> Also, the thing I was able to get out of the FAQ is that I must designate
> a DRA BEFOREHAND I begin encrypting docs, is this correct?
> Also, my current user account is already an Administrator, so is it still
> necessary for me to log in as Administrator proper?
> Thanks!
> --
> ENAS
>
>
> "Miha Pihler" wrote:
>
>> Well most of us around here answer these questions on our free time for free
>> to help out. I am sure that you could find your answer in one of those FAQs,
>> but it takes time I know...
>>
>> Well you need a recovery agent. You have a few options. First one is you can
>> make your administrator a recovery agent or you can create a new user that
>> will be your recovery agent.
>>
>> If you want it to be administrator, log on as administrator. Check that
>> administrator has a certificate that will enable him EFS function. For this
>> you can use IE under Tools -> Internet options -> Content -> Certificates.
>> If there is a certificate Issued to: Administrator you can export it by
>> clicking export. If you have the option select No, do not export the private
>> key and save the *.cer file on local hard drive. Remember the path where you
>> saved it and close all the windows. If you don't have any certificates for
>> administrator, encrypt any file to create a self-signed certificate for
>> administrator (e.g. create an empty text file and encrypt it; you can then
>> delete it)...
>>
>> Then open group policy editor (start -> run -> gpedit.msc) and drill down
>> under computer configuration -> windows settings -> security settings ->
>> Public key Policies -> Encryption File System -> right click in right pane
>> and select Add Recover Agent. Select Browse (folders) and look up an
>> administrator certificate that you exported earlier and add it...
>> After you have done this close Group Policy editor and log off as
>> administrator and log on in your usual account. From command line run:
>> cipher /u. This will update all your encrypted files with new data recovery
>> agent...
>>
>> On your system don't have any user accounts with blank or easy to guess
>> passwords. This will make EFS useless. Your certificates will expire after 1
>> year so you will have to issue a new one (e.g. if administrator certificate
>> expires and you won't renew it, you won't be able to encrypt any files)...
>> Last but not least. Export and make backup copies of ALL your private keys!
>>
>> I hope this helps you out,
>>
>> Mike
>>
>> "XDA974" <XDA974@discussions.microsoft.com> wrote in message
>> news:FF26CE48-B543-4386-A04B-E5D6410C29EA@microsoft.com...
>> > No it's a home workstation. I was angry before which is why I wrote in
>> > Caps. I said in my original message, if whoever sees my post and sends a
>> > FAQ, don't do it! So what happened? This Carey person sends me the lazy
>> > answer, FAQ! Which in turn DID NOT answer my question.
>> > Anyway, like I said in my message I have successfully installed my
>> > certificate in the personal store and it has been accepted. My problem
>> > now, is that I am having a difficult time on how the Data Recovery Agent
>> > is installed.
>> > --
>> > ENAS
>> >
>> >
>> > "Miha Pihler" wrote:
>> >
>> >> You could give us some more information if you want a specific answer.
>> >> First quite important information is: is your computer part of a domain
>> >> or not?
>> >>
>> >> And please don't write in all capital letters. It's not polite and it's
>> >> hard to read.
>> >>
>> >> Mike
>> >>
>> >> "XDA974" <XDA974@discussions.microsoft.com> wrote in message
>> >> news:4509A7BF-B151-4650-A00D-5492B0D7CFAB@microsoft.com...
>> >> >I NEED ONE SPECIFIC ANSWER NOT THOSE FAQs! THEY DO NOT ANSWER MY
>> >> >QUESTION
>> >> >ELOQUENTLY!!!!!!!!!!
>> >> > --
>> >> > ENAS
>> >> >
>> >> >
>> >> > "Carey Frisch [MVP]" wrote:
>> >> >
>> >> >> HOW TO: Remove File Encryption in Windows XP
>> >> >> http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993
>> >> >>
>> >> >> Methods for Recovering Encrypted Data Files
>> >> >> http://support.microsoft.com/default.aspx?scid=kb;EN-US;255742
>> >> >>
>> >> >> --
>> >> >> Carey Frisch
>> >> >> Microsoft MVP
>> >> >> Windows XP - Shell/User
>> >> >>
>> >> >> Be Smart! Protect your PC!
>> >> >> http://www.microsoft.com/security/protect/
>> >> >>
>> >> >> ---------------------------------------------------------------------------------------
>> >> >>
>> >> >> "XDA974" <XDA974@discussions.microsoft.com> wrote in message:
>> >> >> news:96B713C4-CB8B-44D4-A198-8CE403697949@microsoft.com...
>> >> >>
>> >> >> | Please provide me with a step-by-step solution not go to the FAQ
>> >> >> | and go take a jump in the lake! I need to know how to include the
>> >> >> | Recovery Agent in the slot that shows the encryption details for a
>> >> >> | particular file.
>> >> >> | For example in the upper window we see the User(s) who have
>> >> >> | transparent access to the file and below it shows the Data Recovery
>> >> >> | Agent which can recover [decrypt] that file.
>> >> >> | I need to know how I install this Recovery Agent. HOW IS THIS DONE?
>> >> >> | Step-by-step not a FAQ file that is chaotic and simply opens up
>> >> >> | another can of worms!
>> >> >> | --
>> >> >> | ENAS
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
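
Added example, not part of the original thread: a PowerShell check of the exported *.cer file before it is added as a recovery agent in gpedit.msc. It reports the points the quoted instructions depend on: which EFS-related key usages the certificate carries, whether the file holds only the public certificate, and how long until it expires. The file path and the function name Test-EfsRecoveryCertificate are assumptions made for illustration.

```powershell
# Added example: inspect an exported recovery-agent certificate file.
param(
    # Assumption: hypothetical path where the .cer file was saved during export.
    [string]$CerPath = 'C:\temp\administrator.cer'
)

# Microsoft enhanced key usage (EKU) object identifiers relevant to EFS.
$OidEfs          = '1.3.6.1.4.1.311.10.3.4'     # Encrypting File System
$OidFileRecovery = '1.3.6.1.4.1.311.10.3.4.1'   # File Recovery

function Test-EfsRecoveryCertificate {
    param([Parameter(Mandatory = $true)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    # Collect every EKU OID listed in the certificate's extensions.
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($usage in $ext.EnhancedKeyUsages) { $ekuOids += $usage.Value }
        }
    }

    [pscustomobject]@{
        Subject            = $cert.Subject
        Thumbprint         = $cert.Thumbprint
        SelfSigned         = ($cert.Subject -eq $cert.Issuer)
        NotAfter           = $cert.NotAfter
        DaysLeft           = [int]($cert.NotAfter - (Get-Date)).TotalDays
        HasEfsEku          = ($ekuOids -contains $OidEfs)
        HasFileRecoveryEku = ($ekuOids -contains $OidFileRecovery)
        # True means the file is a key container (e.g. PFX), not a public-only .cer.
        ContainsPrivateKey = $cert.HasPrivateKey
    }
}

$result = Test-EfsRecoveryCertificate -Path $CerPath
$result | Format-List

if ($result.ContainsPrivateKey) {
    Write-Warning 'File contains a private key; re-export with "No, do not export the private key".'
}
if (-not ($result.HasEfsEku -or $result.HasFileRecoveryEku)) {
    Write-Warning 'Certificate lists neither the EFS nor the File Recovery key usage.'
}
if ($result.DaysLeft -lt 30) {
    Write-Warning "Certificate expires in $($result.DaysLeft) day(s); renew it and back up the new private key."
}
```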


