Hi,
can you open this certificates (view it). On first page on the top there
is
purpose definition for a certificate. It should state "Allows data on
disk
to be encrypted". Is that so? There can be other purposes but it must
also
be the above mentioned one...
About the call. I am from EU so I am not sure if it's economical for
you...
Mike
It is a security certificate and I had used the mmc.exe to get it. It
is
one of the users in my machine. Can I call you or something so we can
get
this done in a less futile way?
--
ENAS
:
What certificate do you use? How did you get it? What is it's
extension?
*.cer?
Mike
Mike,
Hi. So far I am lucky in that aghosted HDD I had provisionally given
to
a
friend has saved the day, EXCEPT for a folder which I had originally
fiddled with and right now I have a challenge in my hands. About 98%
of
my
data has been recovered except for this folder.
Now, when I attempt to install a DRA I get the following error:
"The file contains no certificates suitable for EFS Recovery. Please
select another file or user."
It really makes me angry that I cannot find a definitive 'manul' if
you
want to call it that to help me do this right. Instead I get some
boorish
document from these other MVPs which do nothing for my situation!
OIiiiiiiiiiiiiiiiiiiiiiiiiii!!!!!!!
--
ENAS
:
Thanks,
I am glad I was able to help out,
Mike
Mike,
I must tell you, I took the time to read those tedious links that
MVP
person sent me and as I wrote already tedious, it was painful to
go
through and got next to NOTHING about how it's done. Your
directions
appear to be superior in their guidance and I think you should be
the
MVP!
Also, the thing I was able to get out of the FAQ is that I must
designate
a DRA BEFOREHAND I begin encrypting docs, is this correct?
Also, my current user account is already an Administrator, so is
it
still
necessary for me to log in as Administrator proper?
Thanks!
--
ENAS
:
Well most of us around here answer these questions on our free
time
for
free
to help out. I am sure that you could find your answer in one of
those
FAQs,
but it takes time I know...
Well you need a recovery agent. You have few options. First one
is
you
can
make your administrator a recovery agent or you can create a new
user
that
will be your recovery agent.
If you want it to be administrator logon as administrator. Check
that
administrator has a certificate that will enable him EFS
function.
For
this
you can use IE under Tools -> Internet options -> Content ->
Certificates.
If there is a certificate Issued to: Administrator you can
export
it
by
clicking export. If you have the option select No, do not export
the
private
key and save the *.cer file on local hard drive. Remember the
path
where
you
saved it and close all the windows. If you don't have any
certificates
for
administrator encrypt any file to create a self signed
certificate
for
administrator (e.g. create an empty text file and encrypt it;
you
can
then
delete it)...
Then open group policy editor (start -> run -> gpedit.msc) and
drill
down
under computer configuration -> windows settings -> security
settings ->
Public key Policies -> Encryption File System -> right click in
right
pane
and select Add Recover Agent. Select Browse (folders) and look
up
an
administrator certificate that you exported earlier and add
it...
After you have done this close Group Policy editor and log off
as
administrator and logon in your usual account. From command line
run:
cipher
/u. This will update all your encrypted files with new data
recovery
agent...
On your system don't have any user accounts with blank or easy
to
guess
password. This will make EFS useless. Your certificates will
expire
after
1
year so will have to issue new one (e.g. if administrator
certificate
expires and you won't renew it, you won't be able to encrypt any
files)...
Last but not least. Export and make backup copies of ALL your
private
keys!
I hope this helps you out,
Mike
No it's a home workstation. I was angry before which is why I
wrote
in
Caps. I said in my original message, if whoever sees my post
and
sends
a
FAQ, don't do it! So what happened? This carey person sends me
the
lazy
answer, FAQ! Which in turn DID NOT answer my question.
Anyway, like I siad in my message I have successfully
installed
my
certificate in the personal store and it has been accepted. My
problem
now, is that I am having a difficult time on how the Data
Recovery
Agent
is installed.
--
ENAS
:
You could give us some more information if you want specific
answer.
First
quite important information is is you computer part of domain
or
not?
And please don't write in all capital letters. It's not
polite
and
it's
hard
to read.
Mike
I NEED ONE SPECIFIC ANSWER NOT THOSE FAQs! THEY DO NOT
ANSWER
MY
QUESTION
ELOQUENTLY!!!!!!!!!!
--
ENAS
:
HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993
Methods for Recovering Encrypted Data Files
http://support.microsoft.com/default.aspx?scid=kb;EN-US;255742
--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/
---------------------------------------------------------------------------------------
message:
| Please provide me with a step-by-step solution not go to
the
FAQ
and
go
take a jump int he lake! I need to
know how to include the Recovery Agent in the slot that
shows
the
encryption details for a particular file.
| For example in the upper window we see the User(s) who
have
transparent
access to the file and below it
shows the Data Recovery Agent which can recover [decrypt]
that
file.
| I need to know how I install this Recovery Agent. HOW IS
THIS
DONE?
Step-by-step not a FAQ file that is
chaotic and simply opens up another can of worms!
| --
| ENAS