Microsoft encrypting file system assistant

Creating a Domain-Based Recovery Agent. Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see Contributing to this article.

Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Is this page helpful? Please rate your experience Yes No. Any additional feedback? Important Because the private keys in your DRA. Important To maintain control over your enterprise data, and to be able to revoke again in the future, you must only perform this process after the employee has re-enrolled the device.

But when you move a file out of the encrypted folder, the file may be decrypted, depending on whether you move the file into an NTFS volume.

The best practice is to keep a file in its encrypted folder until the file is no longer needed. We will cover recovery keys in the next section of this post. When encrypting removable media, it is important to keep in mind that the encrypted files will only be accessible on computers that have certificates for users who are listed as having access to the file or the recovery agent key. This means that if you are working on an encrypted file at work, and you bring it home to finish up on your home computer, you will only be able to access this file if your home computer has your user certificate.

Any user who has access to a SharePoint site can encrypt any file on that site. However, once that file is encrypted, only users listed as having access to that file or the recovery agent will be able to access it. As previously mentioned, it is essential to back up your user certificates and recovery key before you use EFS to encrypt anything on your computer or the server. Once you have backed up these certificates, you can encrypt folders and files either directly or using group policy.

The first step in backing up user certificates and recovery keys is to create a domain-based data recovery agent. By default, the local administrator is set as the recovery key. This means that if the machine is lost or stolen, the domain administrator will not be able to access encrypted files. Instead, it is best to set the domain administrator as the recovery agent.

Remove From My Forums. Asked by:. Archived Forums. Sign in to vote. Saturday, June 27, PM. Monday, June 29, AM. Thank for your explanations. I knew most of the things you have mentioned. Thanks for your feedback, it helps us improve the site. Hi Carlos. If i lost my certificates because of a disk failure, for example When i then restore the backup copy to Windows. Can i regain access to these files if the BackUp folder is encrypted?. I recommend that you encrypt again for security.

And yes, if you have a removable disk, you can recover. Yes, it will be possible to decode.