Saturday 10 September 2011

Create/ Install/ Update a recovery certificate for encrypted files

You must be logged on as an Administrator to perform these steps.
A recovery certificate is a special Encrypting File System (EFS) certificate you can use to recover encrypted files if your encryption key is lost or damaged. You need to create the recovery certificate, install it, and then update previously encrypted files with the new recovery certificate.

Note
These steps cannot be completed on Windows 7 Starter, Windows 7 Home Basic, and Windows 7 Home Premium.

To create a recovery certificate

You should store your recovery certificate on removable media such as a disc or USB flash drive.
  1. Open the Command Prompt window by clicking the Start button Picture of the Start button. In the search box, type Command Prompt, and then, in the list of results, click Command Prompt.
  2. Insert the removable media that you're using to store your certificate.
  3. Navigate to the directory on the removable media drive where you want to store the recovery certificate by typing drive letter: (where drive letter is the letter of the removable media), and then press Enter.
  4. Type cipher /r:file name (where file name is the name that you want to give to the recovery certificate), and then press Enter. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Notes

  • Windows will store the certificate in the directory shown at the command prompt.
  • You should store the removable media containing the recovery certificate in a secure location, such as a locked desk drawer.

To install the recovery certificate

  1. Insert the removable media that contains your recovery certificate.
  2. Click the Start button Picture of the Start button. In the search box, type secpol.msc, and then press Enter.‌ Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. In the left pane, double-click Public Key Policies, right-click Encrypting File System, and then click Add Data Recovery Agent. This opens the Add Recovery Agent wizard.
  4. Click Next, and then navigate to your recovery certificate.
  5. Click the certificate, and then click Open.
  6. When you are asked if you want to install the certificate, click Yes, click Next, and then click Finish.
  7. Open the Command Prompt window by clicking the Start button Picture of the Start button. In the search box, type Command Prompt, and then, in the list of results, click Command Prompt.
  8. At the command prompt, type gpupdate, and then press Enter.

To update previously encrypted files with the new recovery certificate

  1. Log on to the account you were using when you first encrypted the files.
  2. Open the Command Prompt window by clicking the Start button Picture of the Start button. In the search box, type Command Prompt, and then, in the list of results, click Command Prompt.
  3. At the command prompt, type cipher /u, and then press Enter.
    If you choose not to update encrypted files with the new recovery certificate at this time, the files will automatically be updated the next time you open them.

Posted by Newbie at 12:24
Labels:

No comments:

Post a Comment

Do not post irrelevant comments, please!

Subscribe to: Post Comments (Atom)
Browser Name:
Browser Version:
Browser Code Name:
User-Agent: