Announcement

Collapse
No announcement yet.

How to setup EFS DRAs in Windows 2008 Active Directory without a CA

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to setup EFS DRAs in Windows 2008 Active Directory without a CA

    Hello, everyone.


    I administer several SQL Servers that I now must encrypt with EFS file encryption.


    I have chosen to use EFS only on the client´s SQL data files, and I am testing in virtual environment all aspects of encryption, recovery, backup, etc before advancing to production environment.


    I have Windows 2008 AD installed, no CA installed (I do not want to have it enabled, it will not be necessary to have the full CA enabled just to encrypt two or three files) and I have created 3 user accounts.

    I have created two user accounts, logged on with each of them, and used cipher /r to create a certificate file pair.


    I imported the certificates into AD Default Domain Policy as Recovery Agents, updated the policy and rebooted the server.


    Now I encrypt a file as "Administrator" and try to decrypt the file with my DRAs. I cannot decrypt the file. What steps am I missing?


    Thanks in advance,

    Ivo Pereira
    IT Consultant
    Portugal
Working...
X