Private key / EFS certificate generation and key storage

Giganews Newsgroups
Subject: Private key / EFS certificate generation and key storage
Posted by:  Ronnie (Ronn…@discussions.microsoft.com)
Date: Wed, 10 Jan 2007

On a 2003 Terminal Server in a 2003 functional mode forest,
if encryption is allowed on a folder in a user's redirected My
Documents folder with no CA in the domain, am I
correct in saying the public key pair is being generated by the
Terminal Server?  If so, is the private key being stored in the
user's profile?

Would the user be able to decrypt their data if :
* there is no key recovery agent and their profile becomes corrupt?
* the server which generates the key pair is destroyed?

Thanks

Replies