Microsoft Office Technical Support

How to generate a recovery agent certificate in Windows XP

Monday, July 6, 2009

To generate a recovery agent certificate, follow these steps in Microsoft Windows XP:

1. Log on using a user account with administrator privileges.

2. Open a command prompt, and type cipher /r:filename (with no space after the colon), where filename is the name of the recovery agent certificate.

3. When prompted, type a password that will be used to protect the recovery agent certificate.

Creating the recovery agent certificate produces both a .pfx file (the certificate together with its private key, protected by the password from step 3) and a .cer file (the certificate only), each with the file name that you specify. You can designate any user account as a data recovery agent, but do not designate the account that encrypts the files as a recovery agent. Doing so provides little or no protection of the files, because if the current user profile is damaged or deleted, you will lose all the keys that allow decryption of the files.

To designate an EFS recovery agent, follow these steps:

1. Log on using the user account that you want to designate as an EFS recovery agent. This can be the Administrator account, or you may want to create a special account just for this purpose. If you create a special account, make sure that you make the account a member of the Local Administrators group.

2. Click Start, click Run, type certmgr.msc, and then click OK.

3. In Certificates, under Certificates—Current User, expand Personal, and then click Certificates.

4. On the Action menu, click All Tasks, click Import to launch the Certificate Import Wizard, and then click Next.

5. On the File To Import page, enter the path and file name of the encryption certificate (a .pfx file) that you exported, and then click Next. If you click Browse, in the Files Of Type box you must select Personal Information Exchange to see .pfx files, and then click Next.

6. Enter the password for this certificate, select Mark This Key as Exportable, and then click Next.

7. Select Automatically Select the Certificate Store Based on the Type of Certificate, click Next, and then click Finish.

8. Click Start, click Run, type secpol.msc, and then click OK.

9. In Local Security Settings, under Security Settings, expand Public Key Policies, and then click Encrypting File System.

10. On the Action menu, click Add Data Recovery Agent, and then click Next.

11. On the Select Recovery Agents page, click Browse Folders, and then navigate to the folder that contains the .cer file that you created.

12. Select the file, and then click Open. The Select Recovery Agents page now shows the new agent as USER_UNKNOWN. This is normal because the name is not stored in the file.

13. Click Next and then click Finish.

The current user is now the recovery agent for all encrypted files on this computer.
