Archived from groups: microsoft.public.windowsxp.security_admin
I am reading the book "Windows XP Inside Out" by MS Press. I am at the
chapter that talks about using EFS in a workgroup setting. It warns that,
when creating the data recovery certificate using "cipher /r:filename", the
resulting .pfx and .cer files should be removed and stored
externally because these files allow anyone to become a recovery agent.
The next stage of the process is to import the .pfx file to the user's
certificate store using Certificate Manager, then import the .cer file into
Local Security Settings (secpol.msc). That user is now a data recovery
agent. The way I understand it is that these same files are used to
designate any further recovery agents in exactly the same way.
My query is: when using EFS in XP Pro in a workgroup, if you want to
designate more than one user to become a recovery agent, are their recovery
agent certificates the same?