Archived from groups: microsoft.public.windowsxp.help_and_support (
More info?)
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_lnfx.asp
Efs is very complicated. Even if the domain admin is not the recovery agent
they could access your files by using the recovery agents certificate or by
logging in as the recovery agent. If you are trying to hide something from
the domain admin it impossible unles you only keep the file on removable
storage, i.e a floppy, CDRW, USB drive etc.. If you are the doamin admins
supervisor and you need to keep files from them you should look at how the
permissions are delegated and possibly reduce that person's permissions.
With Windows server (and most any other server OS's) you have to trust
someone with ultimate power to do anything they like on the network.
Kerry
"Lynn" <MarryLynn@yah00.c0m> wrote in message
news:%236TOTo9rFHA.2540@TK2MSFTNGP09.phx.gbl...
> is there a way to check what is the designated recovery agent ?
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:eOkDH%238rFHA.1788@tk2msftngp13.phx.gbl...
>> "Lynn" <MarryLynn@yah00.c0m> wrote in message
>> news:uyRzC27rFHA.3216@TK2MSFTNGP12.phx.gbl...
>> > Hi,
>> > will the domain administrator able to decrypt and view my files even if
> i
>> > encrypt it with EFS ?
>> > thanks
>> >
>> >
>>
>> In most cases the answer is yes. The domain administrator is the default
>> recovery agent. This may have been changed. In any case in a domain
>> environment there is a designated recovery agent who could decrypt the
>> files.
>>
>> Kerry
>>
>>
>
>