Definition

data recovery agent (DRA)

A data recovery agent (DRA) is a Microsoft Windows user who has been granted the right to decrypt data that was encrypted by other users. The assignment of DRA rights to an approved individual provides an IT department with a way to unlock encrypted data in case of an emergency.

Data recovery agents can be defined at the domain, site, organizational unit or local machine level. In a small to mid-sized business, the network administrator is often the designated DRA.

In very simple terms, here is how it works: The network administrator uses Microsoft Windows Group Policy in Active Directory to assign everyone a public key for encryption and their own personal private key for decryption. This ensures that users can only decrypt the content that they have created -- and no one else's. The data recovery agent, however, is assigned a private key capable of unlocking all content encrypted with the public key.

In Windows 2000, the local administrator is the default DRA. In Windows XP Professional, Windows 7, Windows Server 2003 and Windows Server 2008 R2, there is no default DRA. Instead, the administrator must generate a recovery agent certificate, which grants the user permission to access the encrypted resources. If the recovery agent certificate is created after the encryption of the resource, however, the resource cannot be decrypted by the DRA.
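The last point above is the one that bites during an actual recovery, so it is worth auditing for. The following script is an added example, not part of the original definition: it lists encrypted files whose stored key information does not include a given recovery agent certificate. The paths `D:\Shares` and `C:\Recovery\dra.cer` are placeholders, and the thumbprint matching assumes the output layout of `cipher /c` described in the comments.

```powershell
# Added example (not from the original page).
# Assumed inputs: both default paths are placeholders for your own environment.
param(
    [string]$Root   = 'D:\Shares',            # placeholder: directory tree to audit
    [string]$DraCer = 'C:\Recovery\dra.cer'   # placeholder: exported DRA public certificate
)

# Thumbprint of the recovery agent certificate expected on every encrypted file.
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $DraCer
$thumb = $cert.Thumbprint.ToUpperInvariant()

# EFS-encrypted files carry the Encrypted file attribute.
$encrypted = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted }

$report = foreach ($file in $encrypted) {
    # cipher /c displays the user and recovery certificates stored with the file.
    # Assumption: thumbprints are printed as hex groups separated by spaces,
    # so all whitespace is stripped before searching for the DRA thumbprint.
    $text = (& cipher.exe /c $file.FullName | Out-String) -replace '\s', ''
    [pscustomobject]@{
        Path          = $file.FullName
        LastWriteTime = $file.LastWriteTime
        HasDra        = $text.ToUpperInvariant().Contains($thumb)
    }
}

# Files listed here cannot be opened with this DRA key: they were encrypted
# before the certificate was in effect and have not been updated since.
$report | Where-Object { -not $_.HasDra } | Sort-Object Path | Format-Table -AutoSize
```

Once the recovery policy is in place, a user who can still decrypt the reported files can run `cipher /u`, which touches the encrypted files on local drives and updates their recovery keys to the current ones.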

This was last updated in February 2011
Posted by: Margaret Rouse
