I administer several SQL Servers that I now must encrypt with EFS file encryption.
I have chosen to use EFS only on the client´s SQL data files, and I am testing in virtual environment all aspects of encryption, recovery, backup, etc before advancing to production environment.
I have Windows 2008 AD installed, no CA installed (I do not want to have it enabled, it will not be necessary to have the full CA enabled just to encrypt two or three files) and I have created 3 user accounts.
I have created two user accounts, logged on with each of them, and used cipher /r to create a certificate file pair.
I imported the certificates into AD Default Domain Policy as Recovery Agents, updated the policy and rebooted the server.
Now I encrypt a file as “Administrator” and try to decrypt the file with my DRAs. I cannot decrypt the file. What steps am I missing?