Recovery agent problem ????

S

serge calderara

Dear all,

I try to practice EFS and its recovery process with
Recovery agent key.

I have generate a RA key using cipeher /R option and
import them in my Local group policy.

When I encrypt a file with a user name USER1 in file
property encryption Detail button I can see Administraor
as rtecovery agent for the file. Fine

Then I logon as administrator and try to remove EFS on
that file , but I receive an Acess denied ?
In a similar way I cannot open the file

If in the generated file by user1 I add user2 as other
user who can use the file it works fine

how to soleve that issue?

thnaks for your answer

regards
serge
 
D

Drew Cooper [MSFT]

There are a couple of possibilities that spring to mind:
1. Administrator doesn't have ACL access to the file. If that's the case,
you can take ownership of the file, then decrypt.
2. The certificate (or private key) is not in the Administrator's user
profile. When you did "cipher /r" did you open the .pfx file that was
created and import the cert/key pair into the admin's Personal certificate
store? The .cer file has only the certificate. The .pfx has the
certificate and its corresponding private key (needed to decrypt a file).
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

EFS Recovery Agent 1
EFS File Recovery Agent Certificate Creation 3
recovery agent EFS expire 3
EFS nightmare 3
EFS Data Recovery 1
EFS: Almost all files are encrypted?! How did this happen? 1
DRA doesn't want to work - but why? 2
Need assistance getting Data Recovery Agent to work 1

Top