How to add an EFS recovery agent in Windows XP Professional
To create an EFS recovery agent key and certificate for selected users, follow these steps.
Step 1: Export recovery certificates and the private key
- Log on to the computer as the user for whom you want to create the EFS recovery agent key and certificate.
- Click Start, click Run, type CMD, and then click OK.
- At the command prompt, type the following, and then press ENTER:
  cipher /r:filename
- Type the password that you want to use when you receive the following message: Please type in the password to protect your .PFX file:
The system creates a .PFX file that contains the certificate and the private key, and a .CER file that contains only the certificate. You receive the following verification message:
Your .CER file was created successfully.
Your .PFX file was created successfully.
Step 2: Import recovery certificates and the private key
- Log on to the computer as the administrator.
- Click Start, click Run, type gpedit.msc, and then click OK.
- In the Group Policy Object Editor, expand the following nodes:
  Local Computer Policy
  Public Key Policies
- Right-click Encrypting File System, and then click Add Data Recovery Agent.
- Click Next, and then click Browse Folders.
- Select the *.CER file that you created earlier, and then click Open.
Note: By default, the certificate is created in the %userprofile% folder.
- Click Next, and then click Finish.
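The command-line parts of this procedure as a batch file, added here as an example and not part of the original article. The file name efs-ra.cmd, the efs-recovery folder and the recovery-agent base name are assumptions; the update mode goes beyond the steps above and uses cipher /u so that files encrypted before Step 2 pick up the new recovery agent.

```batch
@echo off
rem Added example, not part of the original article.
rem Usage:  efs-ra.cmd export   (Step 1, run as the user)
rem         efs-ra.cmd update   (after Step 2, run as the user)
rem RA_DIR and RA_NAME are names assumed for this example.
setlocal
set "RA_DIR=%USERPROFILE%\efs-recovery"
set "RA_NAME=recovery-agent"
if /i "%~1"=="update" goto update

:export
rem Work in a dedicated folder so the key files are easy to find.
if not exist "%RA_DIR%" mkdir "%RA_DIR%"
pushd "%RA_DIR%" || goto fail
rem Do not reuse the name of an earlier key pair.
if exist "%RA_NAME%.PFX" goto exists
rem cipher prompts interactively for the .PFX password.
cipher /r:%RA_NAME%
if not exist "%RA_NAME%.CER" goto missing
if not exist "%RA_NAME%.PFX" goto missing
echo Certificate to import in Step 2: "%RA_DIR%\%RA_NAME%.CER"
echo Private key, move to offline storage: "%RA_DIR%\%RA_NAME%.PFX"
popd
goto :eof

:update
rem Refresh policy so the new recovery agent is in effect, then list the
rem encrypted files without changing them (/u /n) and update them (/u).
gpupdate /force
cipher /u /n
cipher /u
goto :eof

:exists
echo "%RA_NAME%.PFX" already exists in "%RA_DIR%". Pick another RA_NAME.
popd
goto fail

:missing
echo cipher did not create both output files.
popd

:fail
exit /b 1
```

Only the .CER file is needed for Step 2; the .PFX file holds the recovery private key and does not need to stay on the computer.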
Article ID: 887414 - Last Review: 10/09/2011 18:52:00 - Revision: 2.0