Why administrator is unable to decrypt EFS files?

  • Thread starter Thread starter Arpad Orfi
  • Start date Start date
A

Arpad Orfi

I think, normally all administrator who is member of the
Administrators group is a Recovery Agent at the same time.

But I as an administrator cannot decrypt any file
encrypted by a user. I checked the local group policy
with MMC: Under
LocalComputer\Computer\Windows\Security\PublicKey\Encrypti
ngFileSystem I haven't seen any certificate.
And I checked the Properties of the file, and haven't
seen any Recovery Agent associated to any encrypted file.

My computer is a standalone PC, and I didn't do any
strange thing to the registry, and I don't have any
certificate other than that the operating system created,
or should have created when installing it.

What should I do to be a Recovery Agent as an
Administrator?
 
I think, normally all administrator who is member of the
Administrators group is a Recovery Agent at the same time.
Click to expand...

No.

And XP doesn't require a DRA. In fact, there is none created by default on
XP.

Assuming you don't have a CA, the easiest way to create a recover cert is
using the commandline tool cipher.exe. "cipher /?" will tell you what
arguments to pass into "cipher /r".

This has more details:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

EFS nightmare 3
EFS can't decrypt 5
EFS Data Recovery 1
EFS Decryption Problem 2
recovery agent EFS expire 3
Re: How to decrypt files without the EFS Certificate 4
Questions & Results on a Trivial EFS Experiment 6
EFS 1

Back
Top