
Many of the issues with EFS-encrypted files boil down to one: encryption keys must be archived. Without a valid private key from a key pair used to encrypt the file encryption key (FEK), file decryption is impossible. If a recovery agent exists, its keys may be used to recover the files, but the existence of recovery agent keys cannot be assumed.

Other problems with encrypting files stem from not understanding how EFS works (for example, system files cannot be encrypted, and password resets in Windows XP Professional and above prevent the user from decrypting files he has encrypted) or from things such as access-denied errors during antivirus scans (the antivirus product can only check the files that are encrypted by the logged ...
