After some research, I find that recovery of EFS (available for Win 2000/2003/XP/Vista/7) encrypted files in the case of disaster can be problematic. It has to do with keys, file ownerships, etc., etc., etc. Plan for disaster and know how to recover before you encrypt with EFS. This is an interesting point .. it depends on what the "disaster" is that you plan for.
In many cases, the "disaster" is the seizure or loss of the device, it which case it's appropriate NOT to have any method of key recovery. In a corporate context, it's debatable if key escrow and multikey methods mitigate the risk or compound it. Good point, but I'm thinking in terms of failure of the machine that
On 12/10/2010 9:33 AM, Michael Holstein wrote: physically houses the files. You and I both know that you're not going to be able to replace server hardware with identical hardware and even if you do, the Windows SID will change. Restoring the system state is going to be a useless exercise. Therefore you will need the keys to decrypt/re-encrypt the files on a new device after you restore from backup. If the disk is lost or stolen, then hell no, I don't want the thief to be able to restore the data. All of this is moot if you're running in a virtual environment and you have good snapshots/backups of your VM. --Curtis