B
Bill B
Im a bit confused on EFS...
1. In order to set up additional recovery agents for a domain (other than
administrator) , is it necessary to install an enterprise certificate
authority on the first domain controller?
2. If this is the case, does the certificate authority have to be on the
first domain controller? The first DC in this domain is going to be a
temporary box that will eventually go away. Will this prevent me from
setting up recovery agents on the eventual domain controller that will have
all the "primary" roles?
3. finally should the EFS recovery agents be designated in the local,
domain, or domain controller security policies?
I basically want to set up an additional account as a recovery agent in case
people encrypt files, dont back up their keys, and either lose thier profile
or leave. But i dont want to tie myself to the temporary DC, i want the role
to be taken over by the permanant DC with all the "primary" roles, and
possible a second DC for redundancy
Thanks.
1. In order to set up additional recovery agents for a domain (other than
administrator) , is it necessary to install an enterprise certificate
authority on the first domain controller?
2. If this is the case, does the certificate authority have to be on the
first domain controller? The first DC in this domain is going to be a
temporary box that will eventually go away. Will this prevent me from
setting up recovery agents on the eventual domain controller that will have
all the "primary" roles?
3. finally should the EFS recovery agents be designated in the local,
domain, or domain controller security policies?
I basically want to set up an additional account as a recovery agent in case
people encrypt files, dont back up their keys, and either lose thier profile
or leave. But i dont want to tie myself to the temporary DC, i want the role
to be taken over by the permanant DC with all the "primary" roles, and
possible a second DC for redundancy
Thanks.