To create an EFS recovery agent key and certificate for selected users, follow these steps.
Step 1: Export recovery certificates and the private key
- Log on to the computer as the user for whom you want to create the recovery agent key and certificate.
- Click Start, click Run, type CMD, and then click OK.
- At the command prompt, type the following, and then press ENTER: cipher /r:filename
- Type the password that you want to use when you receive the following message:
The system creates a .PFX file that contains the certificate and the private key and a .CER file that contains only the certificate. You receive the following verification message:
Step 2: Import recovery certificates and the private key
- Log on to the computer as the administrator.
- Click Start, click Run, type gpedit.msc, and then click OK.
- In the Group Policy Object Editor, expand the following nodes:
  Local Computer Policy
  Public Key Policies
- Right-click Encrypting File System, and then click Add Data Recovery Agent.
- Click Next, and then click Browse Folders.
- Select the *.CER file that you created earlier, and then click Open.
Note: By default, the certificate is created in the %userprofile% folder.
- Click Next, and then click Finish.
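A check that can be run between Step 1 and Step 2, as an added example that is not part of the original article: it reads the .CER file that cipher /r wrote and confirms that it carries the File Recovery enhanced key usage and is within its validity period before it is added as a data recovery agent. The file name recovery.cer and the function name Test-EfsRecoveryCertificate are assumptions.

```powershell
# Added example: inspect the .CER from "cipher /r:filename" before Step 2.
# Assumption: "recovery" stands in for the filename passed to cipher /r.
$CerPath = Join-Path $env:USERPROFILE 'recovery.cer'

# Enhanced key usage OID for "File Recovery" (EFS data recovery agent).
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'

function Test-EfsRecoveryCertificate {
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    # Collect every EKU OID present on the certificate.
    $oids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($usage in $ext.EnhancedKeyUsages) { $oids += $usage.Value }
        }
    }

    $now = Get-Date
    # The matching .PFX holds the private key; report whether it still sits
    # beside the .CER so that it can be moved to protected storage.
    $pfx = [System.IO.Path]::ChangeExtension($full, 'pfx')

    [pscustomobject]@{
        Subject         = $cert.Subject
        Thumbprint      = $cert.Thumbprint
        NotBefore       = $cert.NotBefore
        NotAfter        = $cert.NotAfter
        HasFileRecovery = $oids -contains $FileRecoveryOid
        InValidity      = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        HasPrivateKey   = $cert.HasPrivateKey      # expected False for a .CER
        PfxBesideCer    = Test-Path -LiteralPath $pfx
    }
}

$result = Test-EfsRecoveryCertificate -Path $CerPath
$result | Format-List

if (-not ($result.HasFileRecovery -and $result.InValidity)) {
    Write-Warning 'Certificate lacks the File Recovery EKU or is outside its validity period; do not add it as a recovery agent.'
}
if ($result.PfxBesideCer) {
    Write-Warning 'The .PFX (private key) is still in the same folder as the .CER.'
}
```

Record the reported thumbprint so that the certificate shown in the Add Data Recovery Agent wizard can be compared against it.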
Article ID: 887414 - Last Review: Mar 29, 2017 - Revision: 3