Add a Recovery Agent for the Local Computer

In this exercise, we'll add a recovery agent for the local computer.

1. Click Start | Run, type mmc in the Open: text box, and then click OK.

2. On the File menu, select Add/Remove Snap-in, and then click Add.

3. In the Add Standalone Snap-in dialog, scroll down until you locate Group Policy Object Editor and then click Add.

4. In the Select Group Policy Object screen, verify that Local Computer is the selected Group Policy Object and then click Finish.

5. Click Close to close the Add Standalone Snap-in dialog, then click OK to close the Add/Remove Snap-in dialog and return to the MMC.

6. In the left pane, click the + to expand the Local Computer Policy node.

7. Click to expand the following nodes, in order: Computer Configuration | Windows Settings | Security Settings | Public Key Settings.

8. Right-click Encrypting File System to select it and then select Properties, as shown in Figure 9.32.

Figure 9.32 Encrypting File System Properties Dialog

Figure 9.32 Encrypting File System Properties Dialog

9. To disable EFS on this computer, clear the check box labeled Allow users to encrypt files using Encrypting File System (EFS). To enable EFS, this check box must be selected.

10. Click OK or Cancel to close the Properties dialog. Right-click the Encrypting File System node in the left pane and select Add Data Recovery Agent. This will launch the Add Recovery Agent Wizard. You'll need to provide the username for a user that has a published recovery certificate. You can also browse for .CER files that contain information about the recovery agent you're adding.

11. Click Next to access the Select Recovery Agents screen in the wizard. You can browse directories or folders, as shown in Figure 9.33. Once you've selected the users, click Next.

Figure 9.33 Select Recovery Agents Dialog

Figure 9.33 Select Recovery Agents Dialog

12. The final screen shows the users you've added and the certificates used. Click Finish to close the wizard. The users you've added should now be displayed in the right pane of the MMC.

If you don't have certificates installed and you're working on a stand-alone system as the Administrator, you can complete this exercise by using the cipher command to create a certificate and private keys and then point the wizard to these files. These steps are described briefly in Exercise 9.07.

Computer Hard Drive Data Recovery

Computer Hard Drive Data Recovery

Learn How To Recover Your Hard Drive Data After A Computer Failure.

Get My Free Ebook

Post a comment