Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
XP pro EFS recovery in a NT Domain 1
- Thread starter silkep
- Start date
-
1
- #2
Let me comment on your post, and then the post header.
1. EFS depends on certificates. So if your question is: does EFS require the same user, who created an encrypted file on a network share, to unencrypt the document?
The simplest answer is yes. But. There is a default certificate granted to the local Administrator in a Workgroup or stand-alone setting, and to the Domain Administrator in a domain setting.
... except under NT this is different than under Win2k or Windows 2003 Server.
2. Some details:
Follow all the links in the article.
3. An important caution:
4. Another important caution:
5. You can always export the certificate/keys to another user. See #2 above.
6. Now my note about NT domain differences. You might want to revert your XP client default behavior if you are using NT Domains. The XP default is designed for Win2k or higher AD Domains, and there can be password issues under NT. The solution is to make a small registry change for the XP clients to revert the EFS behavior to the original pre-Win2k AD settings. An easy tool to do so:
If you would like to do this manually, see:
1. EFS depends on certificates. So if your question is: does EFS require the same user, who created an encrypted file on a network share, to unencrypt the document?
The simplest answer is yes. But. There is a default certificate granted to the local Administrator in a Workgroup or stand-alone setting, and to the Domain Administrator in a domain setting.
... except under NT this is different than under Win2k or Windows 2003 Server.
2. Some details:
Follow all the links in the article.
3. An important caution:
4. Another important caution:
5. You can always export the certificate/keys to another user. See #2 above.
6. Now my note about NT domain differences. You might want to revert your XP client default behavior if you are using NT Domains. The XP default is designed for Win2k or higher AD Domains, and there can be password issues under NT. The solution is to make a small registry change for the XP clients to revert the EFS behavior to the original pre-Win2k AD settings. An easy tool to do so:
If you would like to do this manually, see:
- Status
