- Join the Laptop to a Domain
- Create Encrypted Folders for Sensitive Files
- Back Up Encrypted Files to a Server Using NTBACKUP
- Use a Domain Account when Logging On in the Field
A member computer will continue to use the file recovery key from the Domain DRA account(s), regardless of whether the user is logged onto the domain or the local machine SAM. A problem arises, though, when the user tries to open previously encrypted files. Users get a separate profile when they log onto the local machine using their SAM account. This profile contains a different EFS key pair. The new private key will not open previously encrypted files. To make matters worse, if users encrypt files while logged onto the local SAM, they will not be able to open those files when they log back onto the domain. Train your users to stick with their domain accounts when logging onto their laptops.