Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
A data recovery agent (DRA) is an individual who decrypts data that's encrypted by other users on a Windows operating system. Data recovery agents are assigned and authorized Windows users who can decrypt any or all users' data, typically in case of disaster, emergency or a system crash.
DRA is primarily used in enterprise networking environments with many different end user workstations managed centrally through a Windows Server. Generally, the role of DRA is performed by the network/system administrator. Typically, the DRA is defined and configured at each domain, network or at machine level within Windows Group Policy and Active Directory.
Except in Windows 2000, where the local administrator is the default DRA, Windows XP, Windows, Windows Server 2003 and above all require the administrator to create a recovery agent certificate/smart card certificates or public key. The recovery agent certificate/key must be created prior to data encryption or the data cannot be decrypted by the DRA.