Thread: making administrator account the DRA in XP Profession
View Single Post
  #3  
Old 01-05-2006, 05:42 AM
Mike Fields
 
Posts: n/a
Default Re: making administrator account the DRA in XP Profession

"Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message
news:O9R%23Yv6DGHA.2292@tk2msftngp13.phx.gbl...
> alexm wrote:
> > First, I apologize; this question is rather simple, and has already
been
> > addressed. But I still can't get it to work.
> >
> > I encyrpt files with EFS on a user account on my standalone XP Pro
> > workstation. I wish to be able to access to them from the admin
account. I
> > therefore wish to enable the admin account as a data recovery agent.
I have
> > done the following, while logged on to the admin account:
> > used cipher /R:filename
> > to generate a certificate (and private key)
> > used gpedit to add this certificate to the encryption policy.
> >
> > However, I still cannot decrypt newly created files from the admin
account;
> > there seems to be another step I need to complete. Perhaps, I need
to import
> > the private key I created into the admin account.
> >
> > Can anyone tell me what I need to do, and tell me or point me to
how?
> >
>
> In order to designate the Administrator as a DRA, the computer must be
> part of a Domain; and even then, it is the Domain Administrator who
can
> be the DRA, not the local Administrator. This alternate access method
> is unavailable on stand-alone PCs.
>
>
> Bruce Chambers
>

From what I read, you can set the administrator (at least
that was what it looked like) as the DRA without being
part of a domain. I tried that on mine (xp pro) and when
I view the file properties - advanced - details, it shows
both me as the key holder and the administrator as the
DRA.
http://support.microsoft.com/default...241201&sd=tech
http://support.microsoft.com/default...b;en-us;223316
about 1/2 way down this one is some more info:
http://www.techzonez.com/forums/arch...p/t-13009.html
a multi-part article on encryption and recovery agents
http://www.practicalpc.co.uk/computi...xpencrypt1.htm
Here is some info from MS on "adding a recovery agent to a local
computer" (watch the link wrap)
http://www.microsoft.com/resources/d...t.mspx?pf=true
also look at
http://www.microsoft.com/resources/d..._overview.mspx
There is also a bunch of info in the XP Resource Kit.

mikey

Reply With Quote