We can configure EFS Data Recovery Agent(DRA) to be useful in such cases.A user account designated as EFS DRA can recover files encrypted by other users.
Here are the steps to configure a DRA;
1) Log into the computer with the user account that you want to use as a DRA.
2) Go to command prompt and generate the certificate for that user using cipher command. By default the files(.cer and .pfx) are generated in user's profile folder under documents & settings folder.
3) Double click the .pfx file to start the Certificate Import Wizard.
4)Log on as administrator and start Group policy Object Editor by typing "gpedit.msc" in the run dialog box.
5)Browse to Encrytion File System under Computer Configuration. Right Click and click "Add New Data Recovery Agent".
6) Browse to the location of the .cer file and choose to save it to personal folder location.
7)Thats it. Now login to computer with any account and encrypt some files. Logoff and then login with the DRA account, You will be able to decrypt those files.
No comments:
Post a Comment