70-270 efs

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I would like to know in the event that user loses his private key how can an admin or other recovery agent decrypt a file.

I tried to lab this in my virtual session, i performed the following:

1) as the impacted user i in cmd i did cipher /r:/filename
2)it successfully generated a pfx and cer file.
3) logged off and logged on with the administrator account.
4) within group policy i added the administator as a recovery agent
5) when i tried to decrypt via the cipher command or with windows explorer it wouldnt succeed.

Is there something i ma missing or doing wrong.

Thanks

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I think recovery agents can only decrypt files that have been encrypted after the recovery agent has been assigned not before i.e. the above example the administrator account fails to decrypt the file because it was made the recovery agent after the file was encrypted.

 

i tried after tge assignment of the recovery agent to get the user to create another encrypted folder/file.
Logging on as the administratir i still receive an accesss denied message, i dont understand.

 

Going through the Windows 7 section of EFS now, not sure if XP will be much different, but after creating the recovery agent, you need to import it with the local computer policy.