
EFS - DRA cannot decrypt


  • EFS - DRA cannot decrypt

    Hello all,

    I'm just trying to implement EFS on a Windows 2003 domain.

    I have followed these instructions

    When a user encrypts a file, logs off, the DRA logs on and is unable to open or decrypt the file.
    screen shot -

    I have one 2003 SP2 domain controller with a few other Windows 2003 servers and several client PCs on the domain. Do I have something wrong with the DC, are there prerequisites I'm not aware of?

    Any advice is welcome!

    Thanks in advance.

  • #2
    Re: EFS - DRA cannot decrypt

    Hi all, does anyone have any ideas on this?


    • #3
      Re: EFS - DRA cannot decrypt

      It doesn't work that way.

      You have to log into a DC with the DRA, export the DRA account's personal certificate, log into the client workstation as the DRA, import the certificate, now you can decrypt.


      • #4
        Re: EFS - DRA cannot decrypt

        One more point to add: the DRA will be added only to those files which have been encrypted or modified after creation of the DRA. The DRA will not be able to open the previously encrypted files.

        Make sure to back up the keys, because if the keys are lost or corrupt you might get stuck with a big problem.

        Kapil Sharma
        Life is too short, Enjoy It.


        • #5
          Re: EFS - DRA cannot decrypt

          Roger that, I had to issue a new cert to public users after the DRA was created.

          I didn't know you had to export the cert from the DC then import it into the personal cert store; I assumed it would be automatic.

          Thanks all!
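
The steps from replies #3 and #4 as a command-line sketch, added here as an example and not posted by anyone in the thread. It assumes certutil is available on the machines involved; the PFX path, target folder and certificate serial are placeholders.

```bat
@echo off
rem Added example, not from the thread. Paths and the certificate serial
rem are placeholders (assumptions); adjust them before use.
setlocal
set "PFX=%USERPROFILE%\dra-recovery.pfx"
set "TARGET=D:\Data\Encrypted"

if /i "%~1"=="export"  goto export
if /i "%~1"=="recover" goto recover
if /i "%~1"=="refresh" goto refresh
echo usage: %~nx0 export ^<dra-cert-serial^> ^| recover ^| refresh
exit /b 1

:export
rem On the DC, logged on as the DRA: export the recovery certificate
rem together with its private key from the DRA's Personal ("My") store.
rem certutil prompts for a password to protect the PFX.
if "%~2"=="" (echo missing certificate serial & exit /b 1)
certutil -user -exportPFX My "%~2" "%PFX%"
exit /b %errorlevel%

:recover
rem On the machine holding the files, logged on as the DRA, after the PFX
rem has been copied to the same path: import the key, then decrypt.
certutil -user -importPFX "%PFX%" || exit /b 1
cipher /d /a /s:"%TARGET%"
rem The PFX carries the DRA private key; do not leave it on a workstation.
del /q "%PFX%"
exit /b 0

:refresh
rem As the user who owns the encrypted files: files encrypted before the
rem DRA existed carry no recovery field for it (reply #4).
rem /u /n only lists encrypted files on local drives; /u rewrites their
rem keys so the current recovery agent is added.
cipher /u /n
cipher /u
exit /b %errorlevel%
```

After recovery, remove the imported certificate from the DRA's Personal store on that machine (certmgr.msc), since deleting the PFX does not remove the key that was imported from it.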