EFS DRA and the like!

Discussion in 'MCDST' started by dales, Sep 16, 2006.

  1. dales

    Hi all,

    Quick question for you about the PFX file and requirements for EFS recovery.

    Say, for example, there are 2 computers in a workgroup. Computer 1 has a DRA and EFS set up correctly, with certificates backed up to whatever removable media you feel like. A user on computer 1 trashes their certificate by having their password renamed by the administrator.

    The recovery will take place on computer 2, which imports a copy of the encrypted data. My question is: when you go to add the certificates safely stored on your removable media to computer 2, do you need to add the public key to the local security policy as well as importing the PFX file (which as I understand it has both public and private keys in it anyway), or can you just install the PFX file and access the data?

    Can't really find the info I needed in any of the books I've got here. Went into town especially to pick up some MCDST books today, but the massive book shop in my local town didn't have any!!!!! Oh well, at least I can get one from Amazon!
     
  2. dales

    Actually, thinking about it, is the purpose of the certificate in the local security policy only to add that key to any encrypted file that is created on that machine, thus creating the DRA get-out clause????
     
  3. Bluerinse
    Dales, I am not sure, as EFS is slightly different in XP and I studied Windows 2000.

    Why don't you test it out? Hands on practice will always reap more rewards than just reading - then come back and tell us the answer :)
     
  4. dales

    Been playing with it for a while. Took me a while to figure it out, but in retrospect it was my stupidity that stopped me seeing the bigger picture.

    Anyway, what I've figured out so far, I think, is that you create the DRA first and add the .cer file into the security policy; that in turn writes the certificate number to any files/folders you encrypt from that point on.

    Went to do my 271 in Wokingham on Monday. I'd been ill all that weekend and still wasn't feeling great, so travelled all the way there only to be told that their site had failed and they weren't running any exams that day. The receptionist cheerily went on to say that she had 10 other people coming in and they were not going to be able to do it either. (Don't know why they didn't phone us in the morning to say, 'cause my closest test centre is 15 miles through hellish traffic blackspots.)

    And I was all psyched up for it and everything!
     
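The sequence described in the last post, followed by the recovery step asked about in the first, as an added example that is not part of the original thread. Drive letters, file names and folders are constructed, and it assumes a Windows version whose `cipher.exe` supports `/c` and that ships the PKI PowerShell module (newer than the XP setup discussed above).

```powershell
# Added example; E:\dra, C:\Secret and C:\Restored are constructed names.

# --- Computer 1: create the recovery agent key pair ---
# Prompts for a password, then writes E:\dra.cer (public key only)
# and E:\dra.pfx (public + private key).
cipher /r:E:\dra

# Register E:\dra.cer as a Data Recovery Agent (GUI step):
#   secpol.msc > Public Key Policies > Encrypting File System
#   > Add Data Recovery Agent
gpupdate /force

# Files encrypted from now on carry a recovery field for that certificate.
cipher /e C:\Secret\report.txt

# Files encrypted before the policy change do not; refresh their key fields.
cipher /u

# Check: the DRA certificate thumbprint should be among the recovery
# certificates listed for the file.
cipher /c C:\Secret\report.txt

# --- Computer 2: recovery ---
# Assumption: the file arrived still encrypted (for example restored from
# a backup onto an NTFS volume) under C:\Restored.
# Decryption needs the DRA private key, so import the PFX into the
# recovering user's Personal store. The policy entry on computer 1 only
# controls which recovery certificate is written into newly encrypted files.
$pw = Read-Host -AsSecureString 'PFX password'
Import-PfxCertificate -FilePath E:\dra.pfx `
    -CertStoreLocation Cert:\CurrentUser\My -Password $pw

# The thumbprint shown here should match the one cipher /c reported.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object HasPrivateKey |
    Format-List Subject, Thumbprint

# Decrypt the recovered file, then remove the private key from this
# machine again and return the PFX media to safe storage.
cipher /d C:\Restored\report.txt
```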
