10-53Lesson 4 Increasing Security by Using EFS
Security Alert The recovery agent can bring his or her private key to the owner’s computer,
but it is never a good security practice to copy a private key onto another computer.
It is a good security practice to rotate recovery agents. However, if the agent designa-
tion changes, access to the file is denied. For this reason, you should keep recovery
certificates and private keys until all files that are encrypted with them have been
updated.
The person designated as the recovery agent has a special certificate and associated
private key that allow data recovery. To recover an encrypted file, the recovery agent
does the following:
■ Uses Backup or another backup tool to restore a user’s backup version of the
encrypted file or folder to the computer where his or her file recovery certificate
is located.
■ In Windows Explorer, opens the Properties dialog box for the file or folder, and in
the General tab, clicks Advanced.
■ Clears the Encrypt Contents To Secure Data check box.
■ Makes a backup version of the decrypted file or folder and returns the backup ver-
sion to the user.
Practice: Increasing Security by Using EFS
In this practice, you log on as an administrator and encrypt a folder and its files. You
then log on using a different user account, and attempt to open an encrypted file and
disable encryption on the encrypted file.
Bạn đang xem 10 - - MICROSOFT PRESS MCSA MCSE SELF PACED TRAINING KIT EXAM 70 270 PHẦN 5 PPT