Options
EFS conflicting info - urgent !
Kevin_cambs_uk
Member Posts: 30 ■■□□□□□□□□
Tomorrow is exam day, been doing last min stuff. On one of the questions on the MS Press CD.
The question is about the Recovery Agent, and I clicked what I thought was the answer, and I got it wrong.
According to the question on a workgroup XP the local admin account is NOT the default recovery agent, it says it was on Win 2000 but not on XP, yet the Techexam notes says that the local admin account IS the default Recovery agent.
Who is right?
Also while were at it ! if you delete the user account can you just log on as admin and decrypt?
thanks guys
Kev
The question is about the Recovery Agent, and I clicked what I thought was the answer, and I got it wrong.
According to the question on a workgroup XP the local admin account is NOT the default recovery agent, it says it was on Win 2000 but not on XP, yet the Techexam notes says that the local admin account IS the default Recovery agent.
Who is right?
Also while were at it ! if you delete the user account can you just log on as admin and decrypt?
thanks guys
Kev
Comments
-
Optionseurotrash
Member Posts: 817
http://support.microsoft.com/kb/241201By default, if a computer that is running Windows XP or Windows 2000 is a member of a Windows Server 2003 domain or a Windows 2000 domain, the built-in Administrator account on the first domain controller in the domain is designated as the default recovery agent.
Note that a computer that is running Windows XP and that is a member of a workgroup does not have a default recovery agent. You have to manually create a local recovery agent.witty comment -
Options
Webmaster
Admin Posts: 10,292 Admin
From the top of my head I would go with the MS Press CD. I think I made a mistake in my XP TechNotes when porting over the Windows 2000 EFS TechNotes.Microsoft wrote:The default design for the EFS recovery policy is different in Windows XP Professional than it was in Windows 2000 Professional. In Windows XP Professional, stand-alone computers do not have a default DRA, but Microsoft strongly recommends that all environments have at least one designated DRA.Designating a Data Recovery Agent in a Stand-Alone Environment
For stand-alone computers, Windows XP Professional does not create a default recovery agent. A DRA can be added by using Group Policy on the local computer, but the intended DRA must first have a recovery certificate. Because the computer is stand-alone, EFS creates a self-signed certificate for the DRA.
www.microsoft.com/technet/prodtechnol/winxppro/reskit/c18621675.mspx
I'll have a closer look later today and correct the notes where needed. -
OptionsKevin_cambs_uk
Member Posts: 30 ■■□□□□□□□□
Magic guys
I appreciate the swift answers, I bet there not one question on it now !!!
