Windows 7 : Encrypting File System (part 3) - How to Recover an EFS-encrypted File Using a Data Recovery Agent

1/4/2014 8:36:26 PM

5. How to Recover an EFS-encrypted File Using a Data Recovery Agent

EFS grants data recovery agents (DRAs) permission to decrypt files so that an administrator can restore an encrypted file if the user loses his or her EFS key. By default, workgroup computers configure the local Administrator account as the DRA. In domain environments, domain administrators configure one or more user accounts as DRAs for the entire domain.

Because DRA certificates are not copied automatically when an administrator logs onto a computer, the process of copying the DRA certificate and recovering an EFS-encrypted file is somewhat lengthy (but straightforward). To recover an EFS-encrypted file, perform these steps:

  1. First, obtain a copy of the DRA certificate. By default, it is stored in the Administrator user account on the first domain controller in the domain. To get it, log on to the first domain controller in the domain using the DRA account, which by default is the Administrator account.

  2. Click Start, and then click Run. Type mmc, and then press Enter. Respond to the UAC prompt that appears.

  3. Click File, and then click Add/Remove Snap-In.

  4. Click Add.

    A list of all the registered snap-ins on the current computer appears.

  5. Double-click the Certificates snap-in.

  6. If the Certificates Snap-In Wizard appears, select My User Account, and then click Finish. Click OK.

    The MMC console now shows the Certificates snap-in.

  7. Browse to Certificates - Current User\Personal\Certificates. In the details pane, right-click the domain DRA certificate, click All Tasks, and then click Export (as shown in Figure 2). By default, this is the Administrator certificate that is also signed by the Administrator, and it has the Intended Purpose shown as File Recovery.

    Figure 2. Exporting a certificate for EFS recovery

  8. In the Certificate Export Wizard, click Next.

  9. On the Export Private Key page, select Yes, Export The Private Key, and then click Next.

  10. On the Export File Format page, accept the default settings shown in Figure 3, and then click Next. For security reasons, you might want to select the Delete The Private Key If The Export Is Successful check box and then store the private key on removable media in a safe location. Then, use the removable media when you need to recover an EFS-encrypted file.

  11. On the Password page, type a recovery password twice. Click Next.

  12. On the File To Export page, type a file name to store the recovery password on removable media. Click Next.

  13. On the Completing The Certificate Export Wizard page, click Finish. Then, click OK.

    Figure 3. Using the default .PFX file format for the DRA recovery key

Now you are ready to import the DRA key on the client computer that requires recovery. Log on to the client computer and perform these steps:

  1. Click Start, and then click Run. Type mmc, and then press Enter.

  2. Click File, and then click Add/Remove Snap-In. Respond to the UAC prompt that appears.

  3. Click Add.

    A list of all the registered snap-ins on the current computer appears.

  4. Double-click the Certificates snap-in.

  5. In the Certificates Snap-In Wizard, select My User Account, and then click Finish. Click OK.

    The MMC console now shows the Certificates snap-in.

  6. Right-click Certificates - Current User\Personal\Certificates, click All Tasks, and then click Import.

  7. In the Certificate Import Wizard, click Next.

  8. On the File To Import page, click Browse. In the Open dialog box, click the file types list (above the Open button) and select Personal Information Exchange. Then, select the DRA key file and click Open. Click Next.

  9. On the Password page, type the password you used to protect the DRA key. Click Next.

  10. On the Certificate Store page, leave the default selection to store the certificate in the Personal store. Click Next.

  11. Click Finish, and then click OK.

Now you can open or decrypt the files just as if you had been added as an authorized user. To decrypt the files, view the properties for the file or folder and clear the Encrypt Contents To Secure Data check box. After you click OK twice, Windows uses the DRA key to decrypt the files. Now that the files are unencrypted, the user who owns the files should immediately re-encrypt them.

Tip

DECRYPTING RECOVERED FILES

If you use Windows Backup, files recovered from backup media will still be encrypted with EFS. Simply recover the files to a computer and have the DRA log on to that computer to decrypt them.

After recovering files, remove any copies of your DRA key. Because the DRA key can be used to decrypt any file in your domain, it's critical that you not leave a copy of it on a user's computer.
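
The client-side import, decrypt, and cleanup steps above can also be scripted. The following PowerShell is an added example, not part of the original tutorial; the function name `Invoke-EfsDraRecovery` and its parameters are hypothetical, and it assumes the DRA is logged on to the client with the exported .pfx file on removable media.

```powershell
# Added example (hypothetical helper): import the DRA key, decrypt, then remove the key.
function Invoke-EfsDraRecovery {
    param(
        [Parameter(Mandatory=$true)][string]$PfxPath,    # exported DRA key (.pfx)
        [Parameter(Mandatory=$true)][string]$TargetPath  # file or folder to recover
    )
    $fileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'        # EKU displayed as "File Recovery"
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'UserKeySet, PersistKeySet'
    $password = Read-Host 'Password for the DRA key file' -AsSecureString
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'My', 'CurrentUser'
    $cert = $null
    try {
        $store.Open('ReadWrite')
        # Same effect as the Certificate Import Wizard with the Personal store selected.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $PfxPath, $password, $flags
        $ekus = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
        if ($ekus -notcontains $fileRecoveryOid) {
            throw "Certificate $($cert.Thumbprint) is not a File Recovery certificate."
        }
        if (-not $cert.HasPrivateKey) { throw 'The .pfx file does not contain the private key.' }
        $store.Add($cert)

        # Equivalent to clearing "Encrypt Contents To Secure Data" on each encrypted file.
        Get-ChildItem -LiteralPath $TargetPath -Recurse -Force |
            Where-Object { -not $_.PSIsContainer -and ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) } |
            ForEach-Object {
                [System.IO.File]::Decrypt($_.FullName)
                Write-Output "Decrypted: $($_.FullName)"
            }
    }
    finally {
        if ($cert) {
            # Do not leave the DRA certificate or its private key on the user's computer.
            $store.Remove($cert)
            $key = $cert.PrivateKey
            if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                $key.PersistKeyInCsp = $false   # Clear() then deletes the key container
                $key.Clear()
            }
        }
        $store.Close()
    }
}
```

Run this only on the client being recovered, never on the computer that holds the original DRA key, because the cleanup step deletes the private key from the current user's profile.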

 