Re: making administrator account the DRA in XP Profession



Mike Fields wrote:
"Bruce Chambers" <bchambers@xxxxxxxxxxxx> wrote in message
news:O9R%23Yv6DGHA.2292@xxxxxxxxxxxxxxxxxxxxxxx

alexm wrote:

First, I apologize; this question is rather simple, and has already been
addressed.  But I still can't get it to work.

I encrypt files with EFS on a user account on my standalone XP Pro
workstation.  I wish to be able to access them from the admin account. I
therefore wish to enable the admin account as a data recovery agent. I have
done the following, while logged on to the admin account:
used cipher /R:filename
to generate a certificate (and private key)
used gpedit to add this certificate to the encryption policy.

However, I still cannot decrypt newly created files from the admin account;
there seems to be another step I need to complete. Perhaps, I need to import
the private key I created into the admin account.

Can anyone tell me what I need to do, and tell me or point me to how?

In order to designate the Administrator as a DRA, the computer must be
part of a Domain; and even then, it is the Domain Administrator who can
be the DRA, not the local Administrator.  This alternate access method
is unavailable on stand-alone PCs.


Bruce Chambers



From what I read, you can set the administrator (at least
that was what it looked like) as the DRA without being
part of a domain.  I tried that on mine (xp pro) and when
I view the file properties - advanced - details, it shows
both me as the key holder and the administrator as the
DRA.
http://support.microsoft.com/default.aspx?scid=kb;en-us;241201&sd=tech
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316
about 1/2 way down this one is some more info:
http://www.techzonez.com/forums/archive/index.php/t-13009.html
a multi-part article on encryption and recovery agents
http://www.practicalpc.co.uk/computing/windows/xpencrypt1.htm
Here is some info from MS on "adding a recovery agent to a local
computer"  (watch the link wrap)
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_to_add_recovery_agent.mspx?pf=true
also look at
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_recovery_overview.mspx
There is also a bunch of info in the XP Resource Kit.

mikey



My mistake, then. Thanks for the correction. It would also appear that this KB Article may be pertinent:

The Local Administrator Is Not Always the Default Encrypting File System Recovery Agent
http://support.microsoft.com/kb/255026/



--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH