Re: making administrator account the DRA in XP Profession




"Bruce Chambers" <bchambers@xxxxxxxxxxxx> wrote in message
news:O9R%23Yv6DGHA.2292@xxxxxxxxxxxxxxxxxxxxxxx
> alexm wrote:
> > First, I apologize; this question is rather simple, and has already been
> > addressed. But I still can't get it to work.
> >
> > I encrypt files with EFS on a user account on my standalone XP Pro
> > workstation. I wish to be able to access them from the admin account. I
> > therefore wish to enable the admin account as a data recovery agent. I have
> > done the following, while logged on to the admin account:
> > used cipher /R:filename
> > to generate a certificate (and private key)
> > used gpedit to add this certificate to the encryption policy.
> >
> > However, I still cannot decrypt newly created files from the admin account;
> > there seems to be another step I need to complete. Perhaps, I need to import
> > the private key I created into the admin account.
> >
> > Can anyone tell me what I need to do, and tell me or point me to how?
> >
>
> In order to designate the Administrator as a DRA, the computer must be
> part of a Domain; and even then, it is the Domain Administrator who can
> be the DRA, not the local Administrator. This alternate access method
> is unavailable on stand-alone PCs.
>
>
> Bruce Chambers
>

From what I read, you can set the administrator (at least
that was what it looked like) as the DRA without being
part of a domain. I tried that on mine (xp pro) and when
I view the file properties - advanced - details, it shows
both me as the key holder and the administrator as the
DRA.
http://support.microsoft.com/default.aspx?scid=kb;en-us;241201&sd=tech
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316
about 1/2 way down this one is some more info:
http://www.techzonez.com/forums/archive/index.php/t-13009.html
a multi-part article on encryption and recovery agents
http://www.practicalpc.co.uk/computing/windows/xpencrypt1.htm
Here is some info from MS on "adding a recovery agent to a local
computer" (watch the link wrap)
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_to_add_recovery_agent.mspx?pf=true
also look at
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_recovery_overview.mspx
There is also a bunch of info in the XP Resource Kit.

mikey
