Re: PKE on XP pro

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 07/28/04 

Date: Wed, 28 Jul 2004 22:36:22 +0200

After you add (new) recovery agent, you have to update all your files with
it. You can do this by running

cipher /u

For cipher /u to be successful, it has to "touch" any encrypted file and
update it. For this user that is running cipher /u has to have _valid_
_private_ key that can open (read) the encrypted files.

Mike

"Neil S" <anonymous@discussions.microsoft.com> wrote in message
news:618e01c474e0$4f685370$a501280a@phx.gbl...
> Have you tried:
> Start> Run> GPEDIT.MSC> ok> Local Computer Policy> Windows
> setings> Security settings> Public Key Policies>
> Encrypting file system> Right click add recovery agents>
> go through wizard and see if that helps.... Just curious
>
>
> I hope that helps,
> Neil S>

Relevant Pages

  • Re: recovery agent keys/certs
    ... If you want to be especially secure you can run "cipher /w" after you ... delete the .pfx file and empty the recycle bin. ... After the new recovery agent is in place in group policy have every user ... > Choose the 'Automatically Select The Certificate Store ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Recovery Agent certificate
    ... > Create a DRA cert using cipher /r ... >> to add a Recovery Agent to my computer Encryption File System ... >> Importing the certificate into the various "Root Trust" list etc makes ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Recovery Agent cannot recover encrypted files
    ... In "Local Security Policy" Went to the "public key Policies/EFS" section and ran the "Add data recovery Agent" wizard. ... Added the cert i created using the cipher command which added the efs_recovery user as a recovery agent. ...
    (microsoft.public.windows.file_system)
Loading