Data Recovery Agent (DRA)

Last Updated: January 16, 2017

Definition - What does Data Recovery Agent (DRA) mean?

A data recovery agent (DRA) is an individual who decrypts data that's encrypted by other users on a Windows operating system. Data recovery agents are assigned and authorized Windows users who can decrypt any or all users' data, typically in case of disaster, emergency or a system crash.

Free White Paper: "AI in the Insurance Industry: 26 Real-World Use Cases" | Discover what the future of insurance holds and how AI innovation can be used to hit the mark even more precisely.

Techopedia explains Data Recovery Agent (DRA)

DRA is primarily used in enterprise networking environments with many different end user workstations managed centrally through a Windows Server. Generally, the role of DRA is performed by the network/system administrator. Typically, the DRA is defined and configured at each domain, network or at machine level within Windows Group Policy and Active Directory.

Except in Windows 2000, where the local administrator is the default DRA, Windows XP, Windows, Windows Server 2003 and above all require the administrator to create a recovery agent certificate/smart card certificates or public key. The recovery agent certificate/key must be created prior to data encryption or the data cannot be decrypted by the DRA.