Creating a DRA

In order to be designated as a DRA, a user must have a certificate that will be used to access encrypted files. To create a certificate for the user who will be the DRA, you should log on as that user, and execute the following command: Cipher /R:filename

You will then be asked to type in the password to protect your .pfx, followed by a request to retype the password.

The /R switch is used to generate two files, one with a .pfx extension and one with a .cer extension. The .pfx file is used for data recovery and the .cer file includes a self-signed EFS recovery agent certificate. The .cer file (self-signed public key certificate) can then be imported into the local security policy and the .pfx file (private key) can be stored in a secure location.

Once you have created the public and private keys to be used with EFS, you can specify the DRA through Group Policy, using the following steps:

1. Select Start > Administrative Tools > Active Directory Users And Computers.

2. Right-click the domain that you want to add the DRA to and select Properties.

3. Click the Group Policy tab to access the dialog box shown in Figure 4.32 and click the Edit button.

FIGURE 4.32 Group Policy tab for domain Properties

FIGURE 4.32 Group Policy tab for domain Properties

Group Policy Objects higher in the list have the highest priority This list obtained from: server2003.Siibey local




Options... |


Properties |

I Block Policy inheritance

OK Cancel

4. From the Group Policy Editor dialog box, select Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Encrypting File System, as shown in Figure 4.33.

Computer Hard Drive Data Recovery

Computer Hard Drive Data Recovery

Learn How To Recover Your Hard Drive Data After A Computer Failure.

Get My Free Ebook

Post a comment