Windows Server® 2008 PKI and Certificate Security by Brian Komar

One Application, Two Recovery Methods

In Windows Server 2003 PKI and Windows Server 2008 PKI deployments, EFS allows two methods to recover an EFS-encrypted file when a user no longer has access to his or her EFS-encryption private key:

  • Data recovery. An EFS recovery agent decrypts the file. Once the file is decrypted, the user can open the plaintext file and then reencrypt the file using a newly issued certificate with the Encrypting File System OID.

  • Key recovery. The user’s original certificate and private key are recovered from the CA database and restored to the user’s profile. Recovery of the user’s certificate and private key allows the user to access the FEK stored in the DDF of the EFS-encrypted file, returning access to the file to the ...
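The two recovery paths as they are typically driven from the command line with the built-in `cipher.exe` and `certutil.exe` tools; this is an added example, not code from the book. The file path, CA configuration string, working directory and serial number are hypothetical placeholders, and key recovery assumes the CA archived the private key when the certificate was issued.

```powershell
# Added example (not from the book). All default values below are placeholders.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Inspect', 'DataRecovery', 'KeyRecovery')]
    [string]$Mode,
    [string]$File     = 'C:\Data\report.docx',                  # hypothetical EFS-encrypted file
    [string]$CAConfig = 'CA01.example.com\Example Issuing CA',  # hypothetical CA config string
    [string]$Serial   = '<certificate-serial-number>',          # placeholder: user's EFS cert serial
    [string]$WorkDir  = 'C:\Recovery'                           # hypothetical, ACL-restricted folder
)

function Assert-Ok([string]$Step) {
    # Stop at the first failed native command instead of continuing blindly.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed (exit code $LASTEXITCODE)" }
}

switch ($Mode) {
    'Inspect' {
        # Shows who can decrypt the file (user certificates) and which
        # recovery certificates are attached, with their thumbprints.
        cipher.exe /c $File
        Assert-Ok 'cipher /c'
    }
    'DataRecovery' {
        # Run as the EFS recovery agent, whose recovery private key must be
        # present in the current user's certificate store.
        cipher.exe /d $File
        Assert-Ok 'cipher /d'
        Write-Host 'File decrypted. The user re-encrypts it with a new certificate: cipher /e <file>'
    }
    'KeyRecovery' {
        $blob = Join-Path $WorkDir 'recovery.blob'
        $pfx  = Join-Path $WorkDir 'recovered.pfx'
        # Step 1 (certificate manager): pull the encrypted key blob from the CA database.
        certutil.exe -config $CAConfig -getkey $Serial $blob
        Assert-Ok 'certutil -getkey'
        # Step 2 (key recovery agent): decrypt the blob into a password-protected PFX.
        certutil.exe -recoverkey $blob $pfx
        Assert-Ok 'certutil -recoverkey'
        # The blob is no longer needed once the PFX exists.
        Remove-Item -LiteralPath $blob -Force
        # Step 3 (user): certutil -user -importPFX <pfx>, then delete the PFX.
        Write-Host "Recovered key written to $pfx. Transfer it securely and delete it after import."
    }
}
```

Running `Inspect` first shows whether a recovery certificate is attached to the file at all, which decides whether data recovery is possible before anyone touches the CA database.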