How can I backup my local Encrypted File System recovery key?

John Savill

January 8, 2000


A. When a machine is in a domain, the domain's EFS recovery agent is used to decrypt files for which the user has lost their private key.

In a workgroup or in a 4.0-based domain, the recovery agent is the local Administrator, so it's vital to back up the Administrator's private key. To do this, perform the following:

  1. Log on to the computer as the local Administrator account

  2. From the Start menu select Run

  3. Enter the name 'secpol.msc'

  4. Expand the 'Public Key Policies' branch and select 'Encrypted Data Recovery Agents' leaf

  5. A certificate for Administrator with the role of 'File Recovery' will be displayed

  6. Right click on the certificate and select 'Export' from the 'All Tasks' context menu

  7. The certificate export wizard will start. Click Next

  8. You have the option to also export the private key, select Yes. Click Next

  9. Make sure 'Enable strong protection' is selected and click Next (you also have the option of removing the private key after it is backed up)

  10. Enter a password for the exported key. Click Next

  11. Enter the name for the exported file. Click Next

  12. Click Finish

  13. Click OK when the export is complete

  14. If you chose to remove the private key after export you should now restore the computer

A file containing the certificate will now have been created in the target location. Make sure you keep it safe. It's only about 2KB.
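A backup is only useful if it really contains the private key (step 8) and opens with the password you set (step 10). The script below is an added example, not part of the original article: it checks an exported file for both, plus the 'File Recovery' usage. It assumes a current Windows system with Windows PowerShell 5.1 and .NET Framework 4.7.2 or later, and the script and parameter names are made up for illustration.

```powershell
# Added example (not from the original article): verify an exported EFS recovery key backup.
# Assumes Windows PowerShell 5.1 with .NET Framework 4.7.2+ (needed for EphemeralKeySet).
# Hypothetical usage: .\Test-EfsRecoveryBackup.ps1 -PfxPath <path to the exported file>
param(
    [Parameter(Mandatory)] [string] $PfxPath   # path to the exported file (supplied by you)
)

$EkuExtensionOid = '2.5.29.37'                 # X.509 Enhanced Key Usage extension
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'  # 'File Recovery' usage on EFS recovery agent certs

function Test-EfsRecoveryBackup {
    param([string] $Path, [securestring] $Password)

    # EphemeralKeySet keeps the private key in memory only, so the check itself
    # does not leave another copy of the recovery key in the local key store.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password, $flags)
    } catch {
        throw "Cannot open '$full': wrong password or not a certificate file."
    }
    try {
        $usages = @()
        $ext = $cert.Extensions[$EkuExtensionOid]
        if ($ext) {
            # Re-decode the raw extension so the usage OIDs can be listed.
            $eku = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new($ext, $ext.Critical)
            $usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
        [pscustomobject]@{
            Subject         = $cert.Subject
            Thumbprint      = $cert.Thumbprint
            NotAfter        = $cert.NotAfter
            HasPrivateKey   = $cert.HasPrivateKey                   # false if step 8 was skipped
            HasFileRecovery = $usages -contains $FileRecoveryOid
        }
    } finally {
        $cert.Reset()   # release the in-memory certificate and key handle
    }
}

$result = Test-EfsRecoveryBackup -Path $PfxPath -Password (Read-Host 'Export password' -AsSecureString)
$result | Format-List
if (-not ($result.HasPrivateKey -and $result.HasFileRecovery)) {
    Write-Error 'Backup is NOT usable for EFS recovery: private key or File Recovery usage missing.'
    exit 1
}
```

Run the check against the copy you intend to store, before removing the private key from the machine.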
