data recovery agent (DRA)

A data recovery agent (DRA) is a Microsoft Windows user who has been granted the right to decrypt data that was encrypted by other users. The assignment of DRA rights to an approved individual provides an IT department with a way to unlock encrypted data in case of an emergency.

Data Recovery Agents can be defined at the domain, site, organizational unit or local machine level. In a small to mid-sized business, the network administrator is often the designated DRA.

In very simple terms, here is how it works: The network administrator uses Microsoft Windows Group Policy in Active Directory to assign everyone a public key for encryption and their own personal private key for decryption. This ensures that users can only decrypt the content that they have created -- and no one else's. The data recovery agent, however, is assigned a private key capable of unlocking all content encrypted with the public key.

In Windows 2000, the local administrator is the default DRA. In Windows XP Professional, Windows 7, Windows Server 2003 and Windows Server 2008 R2, there is no default DRA. Instead, the administrator must generate a recovery agent certificate, which grants the user permission to access the encrypted resources. If the recovery agent certificate is created after the encryption of the resource, however, the resource cannot be decrypted by the DRA.
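
The following Python model is an added example, not part of the original article, and illustrates why a DRA certificate created after a file was encrypted cannot open that file. It assumes the way Windows EFS stores keys (a random per-file key, wrapped once for each certificate in force when the file is written); the XOR wrap is a toy stand-in for the real public-key operation, and all class, function and user names are hypothetical.

```python
import hashlib
import os

def _keystream(key: bytes, n: int) -> bytes:
    return hashlib.shake_256(key).digest(n)
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Principal:
    """A user or DRA; `secret` stands in for the certificate's key pair."""
    def __init__(self, name: str):
        self.name, self.secret = name, os.urandom(32)

class EncryptedFile:
    """Ciphertext plus one wrapped file key per principal known at encryption time."""
    def __init__(self, plaintext: bytes, owner: Principal, agents: list):
        fek = os.urandom(32)  # random per-file encryption key
        self.salt = os.urandom(16)
        self.ciphertext = _xor(plaintext, _keystream(fek, len(plaintext)))
        self.slots = {p.name: self._wrap(p, fek) for p in [owner, *agents]}

    def _wrap(self, p: Principal, key: bytes) -> bytes:
        # Toy stand-in for public-key wrapping; XOR is its own inverse.
        return _xor(key, _keystream(p.secret + self.salt, len(key)))

    def decrypt(self, p: Principal) -> bytes:
        if p.name not in self.slots:
            raise PermissionError(f"{p.name} has no key slot on this file")
        fek = self._wrap(p, self.slots[p.name])
        return _xor(self.ciphertext, _keystream(fek, len(self.ciphertext)))

    def update_slots(self, opener: Principal, agents: list) -> None:
        # A principal who can decrypt re-wraps the key for current DRAs (cf. `cipher /u`).
        fek = self._wrap(opener, self.slots[opener.name])
        self.slots.update({a.name: self._wrap(a, fek) for a in agents})

def can_decrypt(f: EncryptedFile, p: Principal) -> bool:
    try:
        return f.decrypt(p) is not None
    except PermissionError:
        return False

def scenario():
    alice, dra = Principal("alice"), Principal("dra")  # constructed names
    old = EncryptedFile(b"payroll Q1", alice, agents=[])     # before DRA cert
    new = EncryptedFile(b"payroll Q2", alice, agents=[dra])  # after DRA cert
    before = (can_decrypt(old, dra), can_decrypt(new, dra))
    old.update_slots(alice, [dra])
    return before, old.decrypt(dra)
```

The model shows the operational consequence: recovery coverage has to be in place before users start encrypting, and files written earlier stay outside it until someone who can still decrypt them updates their key slots.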

This was first published in February 2011
