EFS and RDA features????


serge calderara

Dear all,

I am actually testing the EFS feature and recovery agent
of an encrypted file.

In order to do that I first created a new RDA key using
the cipher /R command.
Then I imported and installed the generated certificate and
the private key in the system.

I know that by default the administrator user is a default RDA.
Then I created an encrypted file with another user
account. In that new encrypted file I can see that
the Administrator user is an RDA.
Then I deleted that user account because he has left the
company, for instance.

Then I log on with the administrator account again and try to
access the previously deleted user's encrypted file.
But I get an access denied; I cannot open the file even
with the Administrator RDA right.

Any idea?

Thanks for your reply
Regards
serge
 

James Martin

Hey, I had a similar question that someone was kind enough
to answer. What I found was that when I import the PFX
file and it gets to the Password screen, if I checked the
"Enable strong private key protection. You will be prompted
...." checkbox, when I went to recover it would give me
access denied, but if I did not check that box it would
work fine. Also, for clarity regarding default DRA--on a
standalone XP Pro machine there is no default DRA, but on a
domain there is.

Hopefully the check box issue will solve your problem.

Regards
James
 

serge calderara

Thanks for your answer, I will give it a try.
By the way, this PKF file, if I understand properly, is the
unique private key used to encrypt and decrypt files,
right?

Could you explain to me a bit the use of the .CER and .PKF
files which are generated? I think I am a bit confused.

I have heard that files are encrypted with a key pair, private
and public. Does it mean that each user who encrypts a file
automatically has a public and private key pair?

Where are those keys stored?

If I send the encrypted file to a friend, how can he see it?

Thanks for all this information
Regards
serge
 

Torgeir Bakken (MVP)

serge said:
I am actually testing the EFS feature and recovery agent
of an encrypted file.

In order to do that I first created a new RDA key using
the cipher /R command.
Then I imported and installed the generated certificate and
the private key in the system.

I know that by default the administrator user is a default RDA.

Hi

No, WinXP does not define a RA as default (this was changed from Win2k).

From a previous posting of mine:

Read and understand the information in the links below before you start using
Encrypting File System (EFS), or you will very likely lose your files one
time in the future:

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/CryptFS.asp

(58 pages, will also tell the differences between Win2k and WinXP regarding
EFS)

It also gives information/links on how to export keys, e.g.

"Data Recovery on Standalone Machines"

Under "Knowledge Base Articles on EFS" you will find e.g.

241201 How to Back Up Your Encrypting File System Private Key
259732 EFS Recovery Agent Cannot Export Private Keys
255742 Methods for Recovering Encrypted Data Files


Reading 255742, will give you this as well:

241201 HOW TO: Back Up Your Encrypting File System Private Key in Windows 2000

242296 How to Restore an EFS Private Key for Encrypted Data Recovery


If your computer is not a member of an AD domain, this part of the document is
obligatory reading:

"Using EFS with Standalone Machines or NT 4.0 Domains"
 
