Transferring Encrypted Files That Need to Be Recovered
Article ID: 223178 - View products that this article applies to.
This article was previously published under Q223178
You can use the Encrypted File System (EFS) to encrypt the files on a volume so that the data can be read only by the intended users, even if other users gain access to the data.
At some point, it may become necessary for a recovery agent to recover the data (for example, a user leaves the company or loses the public/private key). In this case, you may need to transfer the file to a recovery agent at another location. You can transfer the data with Windows 2000 Backup.
NOTE: By default, the administrator in the domain is the recovery agent for that domain. In the case of a standalone workstation or server, the local administrator account is the recovery agent. Additional recovery agents can be defined by the administrator.
If you need to transfer encrypted data to a recovery agent at another location, you can use the Backup program included with Windows 2000. Backup treats the encrypted data as any other data stream. The recovery agent can then restore the .bkf file created by Backup and perform the file recovery.
NOTE: The file must be restored to a drive that uses the Windows 2000 NTFS file system. If not, the file is skipped during the restore process.