EFS Recovery Agent
EFS protects files from being accessed by anyone other than the owner of the file, with one important exception: the EFS Recovery Agent. This is a role given to a user account (normally the Administrator) which allows that account to decrypt any EFS-encrypted file on the computer, regardless of which user created it. Outside of the Windows world, the ability to bypass encryption in this way is referred to as escrow.
The EFS Recovery Agent is intended only for use in emergencies, for example, where an employee encrypts business-critical files and then leaves the company. It is an extremely powerful role and easily open to abuse, reinforcing the security maxim "A computer is only as secure as the administrator is trustworthy."
It is very important to remember the following rules:
EFS-encrypted files are locked to an individual user account. If you delete the user account before decrypting the files, you will need to use the EFS Recovery Agent to recover the data.
When copying an EFS-encrypted file or folder from an NTFS v5 drive to a non-NTFS v5 drive (including NTFS v4 drives and floppy disks), the encryption is automatically removed if the user who encrypted the file is the same as the user who is copying the file.
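Both rules can be checked before an account is deleted or files are copied. The PowerShell below is an added example, not part of the original guide; the function names, the `jsmith` profile path and the `E:\` drive are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example. Function names are hypothetical, not built into Windows.

function Get-EfsFile {
    # List files and folders under $Path that carry the "Encrypted"
    # file attribute, which is the flag EFS sets on what it protects.
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted }
}

function Test-EfsCopyTarget {
    # For each EFS-encrypted item under $Source, report the file system of
    # the drive it would be copied to. Assumes $DestinationDrive is a local
    # drive root such as 'E:\' (not a UNC path).
    param(
        [Parameter(Mandatory = $true)][string]$Source,
        [Parameter(Mandatory = $true)][string]$DestinationDrive
    )
    $drive = New-Object System.IO.DriveInfo $DestinationDrive
    if (-not $drive.IsReady) { throw "Drive $DestinationDrive is not ready." }
    # DriveFormat reports 'NTFS', 'FAT32' and so on. It does not expose the
    # NTFS version, so an NTFS v4 volume cannot be told apart from v5 here.
    $isNtfs = $drive.DriveFormat -eq 'NTFS'
    Get-EfsFile -Path $Source | ForEach-Object {
        [pscustomobject]@{
            Path             = $_.FullName
            TargetFileSystem = $drive.DriveFormat
            TargetIsNtfs     = $isNtfs
        }
    }
}

# Before deleting an account: which items under its profile are still
# encrypted? (The profile path is a constructed sample.)
Get-EfsFile -Path 'C:\Users\jsmith' | Select-Object FullName, LastWriteTime

# Before copying: rows where TargetIsNtfs is False are the items the copy
# rule above says will be written without encryption when the copying
# user is the one who encrypted them.
Test-EfsCopyTarget -Source 'C:\Users\jsmith\Documents' -DestinationDrive 'E:\' |
    Where-Object { -not $_.TargetIsNtfs }
```

An empty result from the first command means the account no longer owns encrypted data under that path, so deleting it will not force a Recovery Agent recovery for those files.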
CertiGuide to A+ (A+ 4 Real) (http://www.CertiGuide.com/apfr/) on CertiGuide.com
Version 1.0 - Version Date: March 29, 2005
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.