DRA doesn't want to work - but why?

[Mike]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

It seems I don't get something ! ...I can't make Data Recovery Agent to
recover

1.Administrator > cipher /r > .pfx and .cer created for DRA
2.I logged as User1 and I designated User1 as DRA (.pfx imported into
Personal Certificates and .cer added in Local Security to designate User1 as
DRA)
3.I logged as User2, encrypted files ,and then i deleted User2 Certificate
4.I logged as User1 - try to view files - 'Access denied' (User1 has full
rights to encrypted folder)

???

I tried cipher /r > new .cer and .pfx, again designated User1 with new DRA
cert ,User2 encrypted new folder, I didn't remove his cert. this time -
still 'Access denied' for User1

I designated Administrator as DRA,removed User2 old Certficate, encrypted
folder as User2 - 'Access denied' for Administrator

I try many times different ways - always 'Access denied' - what can be wrong
?

Mike

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Here are a couple of items you might check:
1. Does the thumbprint of the DRA's certificate match the thumbprint of the
DRA listed in the encrypted files' properties (on the Encryption Details
page)?
2. Does the DRA have, at least, READ access to the encrypted files? (You
mentioned Full Rights to the folder. Is that inherited on the files?)

This link may be helpful, also:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Thanks.
Pat

"Mike" wrote:

> It seems I don't get something ! ...I can't make Data Recovery Agent to
> recover
>
> 1.Administrator > cipher /r > .pfx and .cer created for DRA
> 2.I logged as User1 and I designated User1 as DRA (.pfx imported into
> Personal Certificates and .cer added in Local Security to designate User1 as
> DRA)
> 3.I logged as User2, encrypted files ,and then i deleted User2 Certificate
> 4.I logged as User1 - try to view files - 'Access denied' (User1 has full
> rights to encrypted folder)
>
> ???
>
> I tried cipher /r > new .cer and .pfx, again designated User1 with new DRA
> cert ,User2 encrypted new folder, I didn't remove his cert. this time -
> still 'Access denied' for User1
>
> I designated Administrator as DRA,removed User2 old Certficate, encrypted
> folder as User2 - 'Access denied' for Administrator
>
> I try many times different ways - always 'Access denied' - what can be wrong
> ?
>
> Mike
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi, I have the same problem. The thumbprint# is the same and the DRA ID has
full right to the folder but still got "access denied" error. I had this
working in Windows 2000 professional and only experience this problem with XP.

Do you have anything I can check? Thanks.

Che

"Pat Hoffer [MSFT]" wrote:

> Here are a couple of items you might check:
> 1. Does the thumbprint of the DRA's certificate match the thumbprint of the
> DRA listed in the encrypted files' properties (on the Encryption Details
> page)?
> 2. Does the DRA have, at least, READ access to the encrypted files? (You
> mentioned Full Rights to the folder. Is that inherited on the files?)
>
> This link may be helpful, also:
> http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
>
> Thanks.
> Pat
>
> "Mike" wrote:
>
> > It seems I don't get something ! ...I can't make Data Recovery Agent to
> > recover
> >
> > 1.Administrator > cipher /r > .pfx and .cer created for DRA
> > 2.I logged as User1 and I designated User1 as DRA (.pfx imported into
> > Personal Certificates and .cer added in Local Security to designate User1 as
> > DRA)
> > 3.I logged as User2, encrypted files ,and then i deleted User2 Certificate
> > 4.I logged as User1 - try to view files - 'Access denied' (User1 has full
> > rights to encrypted folder)
> >
> > ???
> >
> > I tried cipher /r > new .cer and .pfx, again designated User1 with new DRA
> > cert ,User2 encrypted new folder, I didn't remove his cert. this time -
> > still 'Access denied' for User1
> >
> > I designated Administrator as DRA,removed User2 old Certficate, encrypted
> > folder as User2 - 'Access denied' for Administrator
> >
> > I try many times different ways - always 'Access denied' - what can be wrong
> > ?
> >
> > Mike
> >
> >
> >