• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest
• The New Manager

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

Some files are encrypted by the user in Windows XP. But Administrator cannot decrypt them. How can we add a user in DRA group?

Vashishth jee

In Windows XP and Windows 2003, EFS (Encrypting File System) provides enhancements for data protection as compared to Windows 2000. However, all three operating systems support DRA (Data Recovery Agents) to decrypt files that have been encrypted by other users.

To encrypt a file, please right-click on it to open the properties window. Select the Advanced button to enable EFS. Select “Encrypt contents to secure data” and click Ok. If this is the first time you are encrypting the file, you will be asked whether you want to encrypt the file only or the folder. Select according to your need. The details button is not highlighted until the first user encrypts the file. Right-click, open the file properties again and click the details button in the Advanced Attributes window. The Encryption details of that file will be on view and you can find out which user can access the file transparently.

At the bottom of the same window is the DRA list for the file as defined by the Recovery policy.

The types of Recovery policies in use include Recovery Agent Policy, No Recovery Policy and Empty Recovery Policy. Depending on the Recovery policy, either the administrator or other users can decrypt the file in addition to the first user who has encrypted the file.

Organisations need to have a properly defined Recovery policy for data recovery. Whenever a user leaves the organisation or the user’s security certificate key gets corrupted, a well-defined DRA can help decrypt that user’s file. In the absence of the DRA no other user can decrypt it.

The encrypted files will be displayed in a different colour (green). This is enabled by default in the folder options: view tab, show encrypted or compressed NTFS files in colour.

The EFS and DRA applicable for Windows 2000 and XP are not the same. They also differ between a workgroup computer and domain computers. In Windows 2003 several enhancements have been made.

Because of the unique nature of the encrypted files, different results can occur when copying or moving files from a local machine to a server on the network. Different results of the copy operation will occur depending on the operating system used.

Windows XP no longer creates a default DRA on a newly installed machine in a workgroup or in a domain. DRA can be created manually using the CIPHER utility from Command Prompt.

For more information about EFS and DRA, please refer the following URL,

http://technet.microsoft.com/en-us/library/bb457065.aspx

P. Natarajan

More Stories on : Computer Usage | Tip Off

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Me first

Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line