On a standalone Windows 2000 computer, the Recovery Agent is the local Administrator account.
To determine who encrytped a file, and the Recovery Agent in a domain, open a CMD prompt and use Efsinfo.exe. To use Efsinfo.exe:
1. Switch (CD) to the folder that contains the file.
2. Type efsinfo /r /u <filename>. If I type efsinfo /r /u Myfile.txt, the information returned is:
Myfile.txt: Encrypted
Users who can decrypt:
<DomainName>\<UserName> (CN=User Name,L=EFS,OU=EFS File Encryption Certificate)
Recovery Agents:
<DomainName>\EFSRecover (OU=EFS File Encryption Certificate, L=EFS, CN=EFSRecover)
This output indicates that Myfile.txt was encrypted by
<UserName> from domain
<DomainName>.
The
EFSRecover account in domain
<DomainName> is the designated EFS recovery agent for the file.
NOTE: If you don't specify a file name, all files in the folder are displayed.
NOTE: Efsinfo.exe is also in the Windows XP Support Tools.
NOTE: The Efsinfo syntax is:
EFSINFO \[/U\] \[/R\] \[/C\] \[/I\] \[/Y\] \[/S:dir\] \[pathname \[...\]\]
/U Display user information. (Default option.)
/R Display recovery agent information.
/C Display certificate thumbnail information.
/I Continues performing the specified operation even after errors
have occurred. By default, EFSINFO stops when an error is
encountered.
/Y Display your current EFS certificate thumbnail on the local PC.
The files you specified might not be on this PC.
/S Performs the specified operation on directories in the given
directory and all subdirectories.
0 comments
Hide comments