JSI Tip 4475. How to I restore my Encrypting File System (EFS) private key?

Jerold Schulman

November 20, 2001

2 Min Read
ITPro Today logo in a gray background | ITPro Today

NOTE: See tip 4474 for how to backup the EFS private key.

NOTE: The text in the following Microsoft Knowledge Base article is provided so that the site search can find this page. Please click the Knowledge Base link to insure that you are reading the most current information.

Microsoft Knowledge Base article Q242296 contains:

IN THIS TASK

  • SUMMARY

  • Restore the Designated Recovery Agent's EFS Private Key on Another Windows 2000 Installation

  • Troubleshooting

  • REFERENCES


SUMMARY

This article describes how to import an EFS recovery key that was previously exported to file on a disk using the procedure outlined in the following Microsoft Knowledge Base article:

Q241201 How to Backup Your EFS Private Key to Allow Data Recovery


If you lose your Encrypting File System (EFS) private key (for example, your computer installation is destroyed), a designated EFS recovery agent must restore the files. The designated recovery agent uses his or her EFS recovery agent private key to decrypt the files so they can be recovered.

back to the top

Restore the Designated Recovery Agent's EFS Private Key on Another Windows 2000 Installation

  1. Log on to your computer using the local Administrator account, or an account that is a designated EFS recovery agent.

  2. Browse to the path and file name of the .pfx file to which you exported the EFS recovery agent's private key, and then right-click the file.

  3. Click Install PFX to start the Certificate Import wizard.

  4. Click Next and confirm the file location and name.

  5. Click Next. Type the password for the private key, and then click Next.

  6. Click Place all certificates in the following store, and then click Browse.

  7. Click Personal, and then click OK.

  8. Click Finish, click Yes to add the certificate, and then click OK.

back to the top

Troubleshooting


After you successfully import the certificate, you should be able to use the local Administrator account or the recovery agent account to decrypt the files on the computer that failed. To confirm this, open one of the encrypted files (it should be accessible). If you want to make the file accessible to a new user or the original user, you must decrypt the file by removing the advanced properties encryption attribute. The new user can then re-encrypt the files using the new private key.

back to the top

REFERENCES


For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

Q223316 Best Practices for Encrypting File System

Q223178 Transferring Encrypted Files That Need to Be Recovered

Q241201 How to Back Up Your Encrypting File System Private Key

back to the top





About the Author

Jerold Schulman

Jerold Schulman

See more from Jerold Schulman
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

a stressed employee at their laptop and collaboration icons gone amok
Unified Communications
Microsoft Teams Is Acting Up. What Can We Do?Microsoft Teams Is Acting Up. What Can We Do?
byBrien Posey
Sep 12, 2024
4 Min Read
person placing a block between two columns of blocks
IT Management
Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?
byNathan Eddy
Sep 7, 2024
7 Min Read
data privacy quiz sample question above a desk
Data Privacy
Data Privacy Quiz: 20 Questions To Test Your KnowledgeData Privacy Quiz: 20 Questions To Test Your Knowledge
byIan Horowitz
Aug 30, 2024
1 Min Read
Exclusive ITPro Resources
See all ITPro Resources

Featured How Tos

tablet with "cloud computing" on the screen on top of financial documents and calculator
Cloud Computing
Guide to Cloud Computing ETFsGuide to Cloud Computing ETFs
A cartoon of a person sitting at a computer, with speech bubbles—one from the person saying Hello and one from the computer responding with Hello
PowerShell
PowerShell Speech Recognition: How To Set up Voice Commands and ResponsesPowerShell Speech Recognition: Set up Voice Commands and Responses
Migrating From VMware Guide cover
VMWare
Migrating From VMware: Guide to a Successful TransitionMigrating From VMware: Guide to a Successful Transition
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up
Trending

Recent What Is

list of domains within the umbrella category of IT security
IT Security
What Is IT Security? Essentials of IT Security ExplainedWhat Is IT Security? Essentials of IT Security Explained
ITPro Today's tech careers quick reference guide cover
Career Management
Tech Careers: Quick Reference Guide to IT Job TitlesTech Careers: Quick Reference Guide to IT Job Titles