Question about EFS

OK I do know how EFS works and all the basics but I have a question.

According to my MS Press book as i study for 270 they claim the domain admin can un-encrypt a file encrypted by an employee that has left the organazation you cannot access their account.

Now I have a virtual lab set up with a DC, several member servers, XP clients and so on. (I'm doing the test almost backwards and 270 is last for my MCSA) I've completed 290, 291, 293 and A+, Net +

I feel retarded for this after coming this far and having trouble with what I thought was going to be the easier exam.

So in my virtual lab I had a domain user encrypt a file and then i deleted that user from AD. I tried a million ways to get the domain admin to decrypt or access this file but I had no luck what so ever.

Any ideas what could be the cause? Is there a specific way of doing it. I even went as far to run NTbackup on the file and move it to the DC and try to decrypt it.

Any thoughts or is this MS press book out of their mind?

Thanks and great forum BTW

Find more posts tagged with

Comments

sprkymrk

Unless you had a Recovery Agent policy in place BEFORE the file was encrypted, there is no way for anyone, not even a Domain Admin, to unencrypt that file except for the original user.

Check out the discussion here:
http://www.techexams.net/forums/viewtopic.php?t=18560

straightflop

Thanks sprkymrk

I read threw that and led me to a technet article regarding this. So it appears that you have to have a RA set up before this. I really wish that would put in this book. I know from other exams that you need a recovery plan in place but this book said, and i quote, "The domain administrator of the first domain controller is the designated recovery agent. As soon the administrator logs on for the first time."

Then technet says what you are saying that you need to set up the recovery agent.

Man I feel retarded. What a crappy book. This is only the second MSpress book I have used and the if I recall I complained about the 290 book as well.

Well thanks for clearing it up. I think I'll head over to Amazon and leave a poor comment about this book. Really that's quite sad to make someone taking 270 that is is probably just taking their first exam, and make them think all along that the domain admin can decrypt a file. This could cause havoc if they get a job at a small company and never set up some recovery plan and think all along that they are the domain admin and can decrypt files.

straightflop

BTW I spent some time in Charelston, SC...Summerville to be exact. Nice place. I have some good friends out that way.

Thanks again

Rayzak

The book 70-270 does not cover some of the material especially material related to AD. But If you will go trough Active Directory Books, you will find many answers there. When I went trough Active Directory books I found out that 70-270 and 70-290 make much more sense now.

sprkymrk

straightflop wrote:

BTW I spent some time in Charelston, SC...Summerville to be exact. Nice place. I have some good friends out that way.

Thanks again

Your welcome. EFS is a tough subject with a few "gotchas". Also, default behaviors have morphed a little since W2K.

Summerville is nice, a little north of Charleston. No touristy stuff there, except maybe a plantation or two. Much more affordable to live there than in Charleston or Mt Pleasant.

straightflop

Thanks everyone. Well i passed it this morning with a 968 anyway. Missed 2 questions. no EFS questions at all.

So there is my MCSA. On my way to MSCE now...

I was just trying to figure out why that book was so lame.

Thanks again and i'm sure i'll be here for the rest of my exams

Silver Bullet

Congratulations

coldbug

gratz dude!

Ahriakin

It's not an easy process but essentially with the DRA in place before hand: Login as the DRA, export your Cert with the Private key. Log into the machine with the encrypted files Import that cert then unencrypt the file.
Congrats on the pass too, excellent score.

royal

congrats!

coldbug

straightflop wrote:

Thanks sprkymrk

Man I feel retarded. What a crappy book. This is only the second MSpress book I have used and the if I recall I complained about the 290 book as well.

Well thanks for clearing it up. I think I'll head over to Amazon and leave a poor comment about this book.

i never use MS Press. my friend also told me how crappy MS Press is.i am a big fan of Sybex. You should try it.

sprkymrk

coldbug wrote:

i never use MS Press. my friend also told me how crappy MS Press is.i am a big fan of Sybex. You should try it.

They're not all crappy. The advantages are the lab scenarios and the fact that many come with an eval CD of the OS. Sybex usually does make some real good books too. Syngress too. These are probably the "Big 3" when it comes to full size study guides. Passport and Exam Cram are more abbreviated study guides that are popular.