EFS Question


Jim

First, I have googled and read the great articles in TechNet. I'm new to
encryption, so my question (I think) is pretty basic, but I'm frankly scared
to start using EFS until I'm sure I'll be able to get my data back. ;-)

I'm running a machine with XP Pro at home in a workgroup (no domain). I
have two user accounts on the machine. What are the benefits to a data
recovery agent in this configuration? Assuming I memorize the passwords and
export the keys from both user accounts using mmc (and keep them in a safe
place), what would I need the DRA for?

Thanks--

Jim
 
In case the encrypting profile is damaged or destroyed.

Do NOT use EFS until you are sure how to use it and comfortable with
recovery procedures.
I suggest you practice with unimportant data possibly with another profile.
Create problems and then attempt recovery.
Only after finding yourself comfortable, then start using EFS.

If something goes wrong, there is a good chance your data will be lost
forever.
There is a reason EFS is often called the "Delayed Recycle Bin".
 
If you have backed up (exported) your EFS certificate + private key to a .pfx
file and have it safely stored away on external media, a DRA is not
necessary. If there is a need to recover the files down the road, execute
the .pfx file to import that certificate/key onto the system for the
recovery. Any user with permissions to the file and the certificate/key can
recover the file. As advised in the previous response, it's a good idea to
"practice" recovery before you need it.

You mentioned reading the TechNet information. The Resource Kit also has
good information:
http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prde_ffs_phvy.asp (see Ch 17)

Thanks.
Pat
 
Thanks...I do have the pfx files for both user accounts. I added a DRA
also, based on the previous response.

I've deleted the certificates, verified that I could no longer read the
data, and imported the DRA to test. Also did the same with the pfx files to
test those. Also backed up a few files using msbackup, copied to another
PC, and verified that I could decrypt by importing the pfx files on that
machine. It all seems to work...I just don't want to be one of those folks
pleading for a solution to decrypt the files after they reinstall Windows.

Thanks--

Jim
 