In a previous article, I outlined how to designate a user as a recovery agent. To recover a file, any recovery agent can simply remove the encryption attribute or open the file if they are in a domain. The process is a little different is you are using a stand-alone system. In such cases, the recovery key and certificate must first be exported and backed up by the local administrator. This can be done using the cipher command shown below.

Cipher /R:<filename>

It is important that the two files generated by the cipher /R command are kept safe and the password is not lost. These three things are necessary to recover encrypted files.
Imagine that the system has suffered a failure, and the encrypted files need to be recovered on another system. The original recovery agent key and certificate are different on this system so the files cannot be recovered by the local administrator. You now need the backed up key and certificate and the associated password.

If you have a backup of the recovery key and certificate, you can complete the steps below. The steps below assume that you are recovering encrypted files on another system.

  1. Locate the saved PFX and CER files.
  2. Right click the PFX file and select Install PFX.
  3. The Certificate Import Wizard will appear. Click Next to continue.
  4. You will be prompted for the file to import. Click next to accept the default (the file you originally selected)
  5. Enter the password that you specified when you originally created the files. Do not check the Enable private key protection option.
  6. You are now prompted for the store in which to place the certificate. Select Place all certificates in the following store then click Browse.
  7. Select the Personal store from the list and click OK.
  8. Click Next.
  9. The certificate will be imported into the personal store.
  10. A summary will appear. Click Finish to import the certificate.
  11. You will be notified if the certificate is successfully imported.

Assuming that the certificate import was successful, you should now be able to open the encrypted files that have been restored from the failed system on which you were a recovery agent.

[tags]efs,microsoft certification,exam,encrypting file system,encryption[/tags]