How to Restore an Encrypting File System Private Key for Encrypted Data Recovery

ID: Q242296


The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server


SUMMARY

If you lose your Encrypting File System (EFS) private key (for example, your computer installation is destroyed), a designated EFS recovery agent must restore the files. The designated recovery agent uses his or her EFS recovery agent private key to decrypt the files so they can be recovered.


MORE INFORMATION

This article describes how to import an EFS recovery key that was previously exported to a file on disk using the procedure outlined in the following Microsoft Knowledge Base article:

Q241201 How to Backup Your EFS Private Key to Allow Data Recovery
To restore the designated recovery agent's EFS private key on another Windows 2000 installation:
  1. Log on to your computer using the local Administrator account, or an account that is a designated EFS recovery agent.


  2. Browse to the path and file name of the .pfx file to which you exported the EFS recovery agent's private key, and then right-click the file.


  3. Click Install PFX to start the Certificate Import wizard.


  4. Click Next and confirm the file location and name.


  5. Click Next. Type the password for the private key, and then click Next.


  6. Click Place all certificates in the following store, and then click Browse.


  7. Click Personal, and then click OK.


  8. Click Finish, click Yes to add the certificate, and then click OK.


After you successfully import the certificate, you should be able to use the local Administrator account or the recovery agent account to decrypt the files on the computer that failed. To confirm this, open one of the encrypted files; it should be accessible. If you want to make the file accessible to a new user or the original user, you must decrypt the file by clearing the encryption attribute in the file's advanced properties. The new user can then re-encrypt the files using the new private key.
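
The import and the confirmation step above can also be scripted. The following is an added example, not part of the original article: it assumes a later Windows release with PowerShell and the PKI module's Import-PfxCertificate cmdlet (not available on Windows 2000), and the parameter names PfxPath, EncryptedFile and Decrypt are hypothetical.

```powershell
# Added example (not from the original article). Assumes a later Windows release
# with the PKI module; Import-PfxCertificate does not exist on Windows 2000.
# Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $PfxPath,        # exported recovery agent .pfx
    [Parameter(Mandatory)] [string] $EncryptedFile,  # one encrypted file to test
    [switch] $Decrypt                                # also clear the encryption attribute
)
$ErrorActionPreference = 'Stop'
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'        # "File Recovery" enhanced key usage

# Step 5: prompt for the password so it never appears on the command line.
$password = Read-Host -Prompt 'Password for the private key' -AsSecureString

# Steps 6-7: place the certificate in the current user's Personal store.
$imported = @(Import-PfxCertificate -FilePath $PfxPath -Password $password `
                  -CertStoreLocation 'Cert:\CurrentUser\My')

# A recovery certificate without its private key cannot decrypt anything.
$cert = $imported | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key was imported from $PfxPath." }

# Warn if the certificate was not issued for EFS file recovery.
$usages = @($cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
if ($usages -notcontains $FileRecoveryOid) {
    Write-Warning "Certificate $($cert.Thumbprint) does not list File Recovery ($FileRecoveryOid)."
}

# Confirmation: opening an encrypted file fails with access denied if the
# logged-on account still holds no usable key for it.
$path = (Resolve-Path -LiteralPath $EncryptedFile).Path
try { [System.IO.File]::OpenRead($path).Dispose() }
catch { throw "Still cannot open ${path}: $($_.Exception.Message)" }

# Optional: decrypt so another user can take over the file and re-encrypt it.
if ($Decrypt) {
    & cipher.exe /d $path
    if ($LASTEXITCODE -ne 0) { throw "cipher /d failed for $path (exit code $LASTEXITCODE)." }
}

[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    Subject    = $cert.Subject
    NotAfter   = $cert.NotAfter
    Readable   = $true
    Decrypted  = [bool]$Decrypt
}
```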


REFERENCES

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

Q223316 Best Practices for Encrypting File System
Q223178 Transferring Encrypted Files That Need to Be Recovered
Q241201 How to Back Up Your Encrypting File System Private Key

Additional query words: encrypt denied

Keywords : kbenv
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved.