problem with EFS on a domain client computer

[David]

Hi,


I was testing the EFS feature in XP SP2 and I have a problem recovering a
few files.

Here's the setup: Windows 2003 domain (1DC), WinXP SP2 clients.

If a user on an XP SP2 client encrypts files on a shared folder on the DC,
the domain admin can access the file and thus if ever necessary recover the
file if the user account gets deleted.
If the same user encrypts files on his local computer, neither the domain or
local admin can access those files.

Am I doing something wrong or is this by design?


regards,


David

 

[Frank Szita [MSFT]]

The following articles may give more insite to your issue:
887414 How to add an EFS recovery agent in Windows XP Professional
(http://support.microsoft.com/?id=887414)
223316 Best practices for the Encrypting File System
(http://support.microsoft.com/?id=223316)
290260 EFS, Credentials, and Private Keys from Certificates Are Unavailable
(http://support.microsoft.com/?id=290260)

Best regards,

Frank Szita [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.