HPE Community
Windows Server 2003
1833159 Members
3077 Online
110051 Solutions
New Discussion

Re: Data Recovrry Agent in Domain Envrnment -- plz help

 
Maaz
Valued Contributor

‎08-22-2006 06:16 AM

‎08-22-2006 06:16 AM

Data Recovrry Agent in Domain Envrnment -- plz help

Windows 2003 based Active Directory Environment. All client computers are MS Windows XP.
I want to configure the Domain Administrator, Data Recovery Agent, for the entire Domain.
Please guide me ... any tutorial will be appreciated?
PS. I can configure the DRA on the single machine... but I want to configure the DRA for every single machine, within the entire Domain.

Thanks n Regards
Maaz
0 Kudos
4 REPLIES 4
Ivan Ferreira
Honored Contributor

‎08-22-2006 07:19 AM

‎08-22-2006 07:19 AM

Re: Data Recovrry Agent in Domain Envrnment -- plz help

Is this what you need?:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_seprocsaddrecagent.mspx?mfr=true
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Maaz
Valued Contributor

‎08-23-2006 07:06 AM

‎08-23-2006 07:06 AM

Re: Data Recovrry Agent in Domain Envrnment -- plz help

Thanks Ivan.

I read from the website (you mentioned, and try to implement, but fialed. I did the following:

ON DC:
0, Administrator logs-in
1, cipher /r:keys
2, Import/Install the "keys.pfx" file with all the default options.
3, Edit the Default Domain Policy > Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Encrypting File System > Add Data Recovery Agents > Browse Folder > Open the "Keys.cer" file > Finish.

ON a client machine(xp):
1, log on to the domain with a domain user account(ordinary user), then create some files and encrypt the folder/files.

2,log on to the domain with a Administrator account, and try to read the encrypted files(encrypted by the domain user ), but Access is Denied.

Plz help. Let me know what to do.

Regards
Maaz

0 Kudos
Ivan Ferreira
Honored Contributor

‎08-23-2006 07:41 AM

‎08-23-2006 07:41 AM

Re: Data Recovrry Agent in Domain Envrnment -- plz help

You must take the ownership of the file before trying to decrypt the file.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Maaz
Valued Contributor

‎08-27-2006 06:40 AM

‎08-27-2006 06:40 AM

Re: Data Recovrry Agent in Domain Envrnment -- plz help

Thanks Dear Ivan.
I took the ownership and have the full permission on the files/folder(Domain Users' encrypted files), but i still cant read the encrypted files. I am sure there must be something wrong in the implementation of my DRA.

Regards
Maaz
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.