EFS recovery agent

G

Guest

My laptop is part of domain. Can I specify the local administrator be the
data recovery agent for my EFS ?

if yes, how to set it ?

if yes, does that mean while travelling I can login as local admin as access
the EFS files encrypted while I was on my office LAN logged in with my domain
ID
 
S

Steven L Umbach

If one is not specified at the domain level then the local administrator
will automatically be RA when you encrypt a file on Windows 2000 assuming
domain policy allows EFS use. If an RA is specified at the domain level then
you will not be able to specify one in Local Security Policy that will work.
FYI in Windows 2000 using the local administrator as a RA can be a security
risk because if a malicious user can access your computer he can use a
utility to change the built in administrator password and then logon as the
built in administrator to access any EFS files on the computer unless the RA
private key had been exported/deleted.

Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

EFS - setting up Recovery Agent 4
Domain EFS Recovery Agent 2
EFS recovery agent in Default Domain Policy with a self signed cer 5
Cannot get EFS recovery agent function to work! 6
bug with efs on server 2003 5
EFS recovery agents 3
EFS Recovery Agent 5
How to add EFS data recovery agents on Windows 2000 workgroup server 5

Top