How does Domain Migration Administrator handle EFS, i.e. when a source user encrypted files locally, (NETIQKB28083)

  • 7728083
  • 02-Feb-2007
  • 16-Nov-2007

Resolution

goal
How does Domain Migration Administrator handle EFS, i.e. when a source user encrypted files locally, can the target user still access the files?

fact
Domain Migration Administrator 7.x

fix
When a user is migrated to the target domain, the target account will not have access to files that were encrypted by the source user. By Microsoft design, only the person who encrypted the file, the specified Recovery Agent (usually the Local Administrator on the machine where the files reside) has the ability to decrypt the files. The user must logon with their source account and decrypt the files. Then they will be able to logon with their target account and re-encrypt the files. This could also be accomplished by the Recovery Agent.

note

Please refer to the following knowledge base article:

How would DMA/SC behave if attempt to migrate files that are encrypted with Microsoft's built-in EFS? 

https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB4686



note

Please refer to Microsoft Knowledge Base for more information:

Step-by-Step Guide to Encrypting File System (EFS) 

http://www.microsoft.com/windows2000/techinfo/planning/security/efssteps.asp



Additional Information

Formerly known as NETIQKB28083

Feedback service temporarily unavailable. For content questions or problems, please contact Support.