Hi Neil,
Thanks for posting here!
According to your description, I understand that you encounter some
difficulties on creating Data Recovery Agent on Windows XP client.
For your convenience, I included the process below to create Data Recovery
Agent on Windows XP. You may verify your process with the steps below to
re-create Data Recovery Agent and check if this issue persists:
1. Log on as the local administrator. From a command prompt, type:
"CIPHER /R:filename" without quotes, and press Enter.
NOTE: /R Generates a PFX and a CER file with a self-signed EFS recovery
certificate in them. filename= A filename without extensions
This command will generate filename.PFX (for data recovery) and
filename.CER (for
use in the policy). The certificate is generated in memory and deleted when
the
files are generated. Once the keys have been generated the certificate
should be
imported into the local policy and the private keys stored in a secure
location.
2. Open the Local Policy Editor. Go to Public Key Policies\Encrypting File
System. Right-click and choose to add a data recovery agent.
This starts the Data Recovery Agent Wizard choose to browse files to your
filename.cer that you created
3. Now open up the MMC and add the certificate stap-in. Choose the logged
on user. Go to the personal store of that user and right click and go to
all tasks and choose to import certificate. Browse to the filename.pfx
that you created. You will have to change the drop down box to pfx files.
It will default to .cer files. Enter the password that you specifed when
you created the keys with cipher Place it in the personal store
More info here:
Data Protection and Recovery in Windows XP
http://www.microsoft.com/technet/prodtechnol/winxppro/support/dataprot.asp
308991 HOW TO: Share Access to an Encrypted File in Windows XP
http://support.microsoft.com/?id=308991
Hope this info helps!
Have a great day!
Thanks & Regards,
Kyle Cui
Microsoft Online Partner Support
MCSE2000, MCDBA2000
Get Secure! -
www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Neil" <
[email protected]>
| Newsgroups: microsoft.public.windowsxp.security_admin
| Subject: Data Recovery Agent - where have you gone ?
| Date: Mon, 26 Jan 2004 10:28:55 +1100
| Organization: Netspace Internet
| Lines: 18
| Message-ID: <
[email protected]>
| NNTP-Posting-Host: dsl-203-113-221-2.vic.netspace.net.au
| X-Trace: otis.netspace.net.au 1075073344 54143 203.113.221.2 (25 Jan 2004
23:29:04 GMT)
| X-Complaints-To: (e-mail address removed)
| NNTP-Posting-Date: Sun, 25 Jan 2004 23:29:04 +0000 (UTC)
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su
l.t-online.de!t-online.de!130.59.10.21.MISMATCH!irazu.switch.ch!switch.ch!fu
-berlin.de!newsfeed.iinet.net.au!newsfeed.iinet.net.au!203.10.110.105.MISMAT
CH!news.netspace.net.au!not-for-mail
| Xref: cpmsftngxa07.phx.gbl
microsoft.public.windowsxp.security_admin:109200
| X-Tomcat-NG: microsoft.public.windowsxp.security_admin
|
| Having run through the process of creating a DRA and importing it
| successfully into secpol.msc, I'm
| wondering why it does not 'list' anywhere....
|
| My personal certificate is listed however the DRA certificate does not
list.
| Is it listed under another certificate store ?
|
| Lastly, if I export all .cer's and .pfx's to removable media for
safekeeping
| (CD), do I then need to refer to this CD
| every time I want to work with my encrypted files and if so, can I simply
| point the operating system to the CD or must
| I import the information back onto the computer.
|
| Thanks,
|
| Neil
|
|
|
