Dear all,
I have a Windows 2012 R2 server (serverC) joined to a domain (domainA).
Since I would like to secure my data, I have created a domain user (userB) who can encrypt a folder with files inside, and encrypted the folder using EFS.
As I don't want the domain administrators to access my files, I have not created a recovery agent in the domain policy.
Also, I don't want to store any encryption key on the server (except the cert. in userA), so no recovery agent has been created on the server, either.
To check whether the folder is encrypted, I ran "cipher /c C:\xxxfolder\yyy.txt" to check the encryption details, and the result is:
...
User who can decrypt:
domainA\userB
Certificate thumbprint: 1234 5678 0ABC...
No recovery certificate found.
Key Information:
Algorithm: AES
Key length:256
Key Entropy:256
After I backed up the folder and restored it to another server (serverD, C:\Restore) in the same domain, I logged in as userB, copied userB's cert. to the server, imported it to his own Personal and Trusted People store (with private key included), and ran "cipher /c C:\Restore\xxxFolder\yyy.txt". The result is a bit different:
...
User who can decrypt:
domainA\userB
Certificate thumbprint: 1234 5678 0ABC...
No recovery certificate found.
Key information cannot be retrieved. (new)
The specified file could not be decrypted. (new)
When I double-click the file, "Access is denied." is shown.
How can I solve the problem? Thanks a lot!
Stephen