?
Solved

Where to find the domain recovery agent's private key for EFS

Posted on 2007-11-16
4
Medium Priority
?
782 Views
Last Modified: 2013-12-04
Our company is endeavoring to encrypt our laptops with EFS. During this testing phase, I have been researching it like crazy, trying to learn what not to do and how to retrieve files when things go wrong. One of the things that I came across is backing up your Recovery Agent’s Private Key.

While researching this via KB241201 http://support.microsoft.com/kb/241201/EN-US/ I learned that when doing this over the domain, the key is located on *the first domain controller in the domain under the built-in Administrator profile*. My test domain properly had this certificate.

However, on my live domain, I cannot seem to locate it. Here is a quick history of our First Domain Controller: We were once an NT4 domain with an obsolete PDC. When we upgraded from NT4 to 2003, we upgraded the NT4 PDC and then added some newer DCs to the mix. After all was well, we transferred the role of the PDC emulator to one of the new DCs and disjoined the obsolete server.

So according to this, our First Domain Controller is no more. I have looked for this on our PDC and cannot find the certificate that the KB article refers to. It just isn’t there.

Luckily, I have not deployed EFS to any live machines in the Live domain, but to only one test machine on the Live domain. So if there is a way of recreating a new Certificate, I would only loose one machine that I don’t care about.

If anyone can point me in the right direction it would be greatly appreciated.
In advance, I thank all who provide help.
-Paul
0
Comment
Question by:npcincadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 20302563
> One of the things that I came across is backing up your Recovery Agent’s Private Key.
> It just isn’t there.
> I would only loose one machine that I don’t care about.

are you encrypting your question as well? :-))
0
 
LVL 1

Accepted Solution

by:
beckman55 earned 2000 total points
ID: 20305866
0
 
LVL 1

Expert Comment

by:beckman55
ID: 20305870
0
 

Author Comment

by:npcincadmin
ID: 20315333
Thank you very much for your help.
That did work out. More specifically, the section called Task 2--Acquiring the Key Recovery Agent certificate. It took a little more than what the paper stated, like the need to install Certification Authority and IIS. But there is now the proper File Recovery certificate where it should be.
Again thank you.

And to bbao: the reason it came out like that is that I typed the question out in Word and then copied and pasted it into here. I did not take into cosideration that the character codes wouldn't transfer properly.

-Paul
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question