problem with EFS on a domain client computer

David · Oct 19, 2004

Hi,

I was testing the EFS feature in XP SP2 and I have a problem recovering a
few files.

Here's the setup: Windows 2003 domain (1DC), WinXP SP2 clients.

If a user on an XP SP2 client encrypts files on a shared folder on the DC,
the domain admin can access the file and thus if ever necessary recover the
file if the user account gets deleted.
If the same user encrypts files on his local computer, neither the domain or
local admin can access those files.

Am I doing something wrong or is this by design?

regards,

David

Frank Szita [MSFT] · Oct 21, 2004

The following articles may give more insite to your issue:
887414 How to add an EFS recovery agent in Windows XP Professional
(http://support.microsoft.com/?id=887414)
223316 Best practices for the Encrypting File System
(http://support.microsoft.com/?id=223316)
290260 EFS, Credentials, and Private Keys from Certificates Are Unavailable
(http://support.microsoft.com/?id=290260)

Best regards,

Frank Szita [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

EFS Files Inaccessible After Profile Change (Even for Recovery Agent)	2	Jun 1, 2006
EFS	1	May 21, 2004
General help with XP, EFS, and Domain	1	May 6, 2008
EFS in a 2003 Native Domain with third party PKI certificates.	6	Sep 26, 2006
EFS recovery agent	1	Jan 10, 2007
Help with EFS	1	May 29, 2007
EFS-moved from domain to AD	4	Jul 19, 2007
EFS Data Recovery	1	Jan 31, 2009

problem with EFS on a domain client computer

David

Frank Szita [MSFT]

Ask a Question

Similar Threads