Re: Recovery Agent configured in GPO, but cannot see it in Encrypt
- From: daniel_theracer <danieltheracer@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 27 Feb 2006 03:37:26 -0800
Hi Steven !
Thank you for your tips....
gpresult says, all policies applied successfully,
especially the EFS Recovery Policy
I checked the certificates twice, they are made out of a EFS Recovery Template
i created a file and encrypted it 4 mins. ago, no RA is defined....
is there a possibility to reset the efs portion of windows xp that it
reloads gpo settings ?
We now have several users, who need their files recovered.....
bad situation
regards
daniel
"Steven L Umbach" wrote:
Did running rsop.msc on that computer show the RA was defined by the domain.
GPO?? Possibly the file was encrypted before a RA was configured and has not
been access since. Try opening the file to see if a RA shows after closing
it or creating a new EFS file to see what shows. If that all fails then
maybe there is a problem with GP applying to the computer. Usually that will
show as userenv errors/warning in the application log. The support tool
gpresult can also show what Group Policies are being applied to the computer
and the last time they were applied. The certificates that you added to the
domain GP need to be RA certificates when you view them. --- Steve
"daniel_theracer" <danieltheracer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:5F0CAF64-F585-49CB-8389-B26F961ABF74@xxxxxxxxxxxxxxxx
Hi Steve !
Sorry, for misunderstood,
the domain group policy is defined, autoenrollment enabled, two accounts
entered as recovery agents..
on the client all group policies are applied, but in the details of an efs
encrypted file i still cannot see any RA ....
regards
Daniel
"Steven L Umbach" wrote:
Just because you can not see it in Local Security Policy does not mean
that
it is not enabled as that just means there is nothing defined in Local
Security Policy. Run rsop.msc on a computer to see if it shows configured
via your domain Group Policy and you can also examine the properties of
an
EFS file in properties/advanced - details [or use efsinfo] to see if a RA
is
associated with the EFS file. --- Steve
"daniel_theracer" <danieltheracer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:A30710BB-1198-42D2-9CDA-59BCE01944CD@xxxxxxxxxxxxxxxx
Hi ms folks !
I'm a bit stressed, my users work with their efs certificates and do a
lot
encrypting.
I now discovered, that if i look to encryption details of a file, there
is
no RA displayed.
But i configured two accounts as RA 's
What can i do ?
Domain Policy is defined, configured.
when i look the the local security policy of a domain computer i cannot
see
anything
= "no policy defined"
Pls. help !
thank you very much
Daniel
- References:
- Re: Recovery Agent configured in GPO, but cannot see it in Encryption
- From: Steven L Umbach
- Re: Recovery Agent configured in GPO, but cannot see it in Encrypt
- From: Steven L Umbach
- Re: Recovery Agent configured in GPO, but cannot see it in Encryption
- Prev by Date: Re: Disabling shared Internet access for local user but allowing for others
- Next by Date: Re: Controlling which program goes to which profile
- Previous by thread: Re: Recovery Agent configured in GPO, but cannot see it in Encrypt
- Next by thread: Re: Nebula Secure Segment Transfer Protocol
- Index(es):
Relevant Pages
|
