DRA & EFS on XP


martin426

Hello,

I'm studying for my 70-270 exam, and have been exploring
options I don't have as much exposure to in preparation for
the exam. I am trying to set up a Data Recovery Agent to be
able to recover encrypted files on a test account I set up.
Here's the process I'm following:

Run->cmd->cipher /r:test
Start->Control Panel->Admin Tools->Local Security Policy
Encrypting File system under Public Key Policies
Right click, add Data Recovery Agent, run the wizard, and
when I'm done the certificate shows up in the window pane.
If I double click on the certificate, it has a red x on it
and says:

"This CA Root Certificate is not trusted. To enable trust,
install this certificate in the Trusted Root Certification
Authorities Store."

If I create a mmc with the Certificates snap in, I can see
a "Trusted Root Certification Authorities" area, but cannot
add anything to it. Naturally, when I try to decrypt a
file created by my test account it tells me access is denied.

What am I doing wrong here? Also, I'm supposed to keep the
pfx file in a "safe place"--what exactly does that mean and
how does it come into play (i.e., where does it need to be)
when I try to decrypt a file?

Thanks in advance for any help!
 

Roger Abell

So far, by your account you are doing nothing that
is wrong. However, you have not done the crucial
step to enable the DRA to decrypt - log in with the
DRA account and use the certificates snap-in to
import the key from the pfx. So far you only imported
the certificate - which enables encryption to include
the DRA ability to decrypt. When you import the key
be sure to tell it that you do not want to be prompted
for the password whenever the key is used.
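
The distinction the reply draws, as a toy model in Python (an added example, not part of the original thread and not EFS's actual algorithms): the file key is wrapped once under each public key in force, the certificate supplies only the public key, and unwrapping needs the private key that lives in the pfx. The function names, the textbook RSA with fixed primes and the SHA-256 keystream are assumptions chosen for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent

def keypair(p, q):
    """Textbook RSA from two primes; returns (public, private). Toy only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def xor_stream(fek, data):
    """Stand-in file cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(fek + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_file(plaintext, public_keys):
    """Wrap one random file key under every public key (user and DRA)."""
    fek = secrets.token_bytes(16)
    m = int.from_bytes(fek, "big")
    wrapped = {name: pow(m, e, n) for name, (n, e) in public_keys.items()}
    return {"wrapped": wrapped, "body": xor_stream(fek, plaintext)}

def decrypt_file(blob, keystore):
    """Unwrap with any private key in this profile's keystore, else deny."""
    for name, (n, d) in keystore.items():
        if name in blob["wrapped"]:
            fek = pow(blob["wrapped"][name], d, n).to_bytes(16, "big")
            return xor_stream(fek, blob["body"])
    raise PermissionError("Access is denied.")

def demo():
    # Constructed keys: Mersenne primes keep the example deterministic.
    user_pub, user_priv = keypair(2**61 - 1, 2**89 - 1)
    dra_pub, dra_priv = keypair(2**107 - 1, 2**127 - 1)  # .cer / .pfx halves
    # Policy holds only the DRA certificate, so new files get a DRA wrap.
    blob = encrypt_file(b"constructed sample data",
                        {"user": user_pub, "dra": dra_pub})
    dra_keystore = {}                  # DRA profile before the pfx import
    try:
        decrypt_file(blob, dra_keystore)
        before = "decrypted"
    except PermissionError:
        before = "denied"
    dra_keystore["dra"] = dra_priv     # importing the key from the pfx
    return before, decrypt_file(blob, dra_keystore)

if __name__ == "__main__":
    print(demo())
```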
 
