How to setup EFS DRAs in Windows 2008 Active Directory without a CA

Home Forums Microsoft Networking and Management Services Active Directory How to setup EFS DRAs in Windows 2008 Active Directory without a CA

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    fastryder
    Member
    #143173

    Hello, everyone.

    I administer several SQL Servers that I now must encrypt with EFS file encryption.

    I have chosen to use EFS only on the client´s SQL data files, and I am testing in virtual environment all aspects of encryption, recovery, backup, etc before advancing to production environment.

    I have Windows 2008 AD installed, no CA installed (I do not want to have it enabled, it will not be necessary to have the full CA enabled just to encrypt two or three files) and I have created 3 user accounts.

    I have created two user accounts, logged on with each of them, and used cipher /r to create a certificate file pair.

    I imported the certificates into AD Default Domain Policy as Recovery Agents, updated the policy and rebooted the server.

    Now I encrypt a file as “Administrator” and try to decrypt the file with my DRAs. I cannot decrypt the file. What steps am I missing?

    Thanks in advance,

    Ivo Pereira
    IT Consultant
    Portugal

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.