When you encrypt files to protect them from prying eyes, you run the risk of protecting them from yourself and ultimately losing the data. EFS requires the user's private key (associated with the user's EFS public-key certificate) to decrypt a file. As long as this key is available, EFS-protected files are accessed just like normal files. In the event of key loss, however, a secondary means of retrieving the data is necessary. Another kind of key loss occurs with the voluntary or involuntary departure of a user; for example, a user who encrypts company files might leave the company. Multiuser sharing, described in the previous section, lessens this problem, but consider the situation where sharing isn't enabled.

The ability to recover files starts when an individual user backs up his or her EFS public-key certificate and associated private key. To back up this information, the user must export the certificate and key through the Certificates snap-in in the MMC. (See the "Exporting Certificates and Private Keys" section earlier in this chapter.) If the private key is ever lost, the user can import the saved EFS private key and certificate and salvage the data. To do so, complete these steps:

1. Launch the Certificates MMC snap-in.

2. Select Personal from the console tree, right-click the Certificates folder, and choose All Tasks and then Import from the shortcut menu.

3. Use the Certificate Import Wizard to restore the backup key, which allows access to the encrypted file again.
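The same restore can be scripted and then verified. The following PowerShell is an added example, not part of the original text; it assumes a Windows version that ships the `Import-PfxCertificate` cmdlet, and the two file paths are hypothetical placeholders.

```powershell
# Added example: restore an EFS certificate backup and confirm it unlocks a file.
param(
    [string]$PfxPath       = 'E:\backup\efs-backup.pfx',   # hypothetical backup path
    [string]$EncryptedFile = 'C:\Data\report.docx'         # hypothetical EFS-protected file
)

$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage OID for Encrypting File System

# Prompt for the password chosen at export time; never hard-code it in a script.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Cert:\CurrentUser\My is the Personal > Certificates folder from step 2.
# -Exportable is deliberately omitted: the restored private key cannot be
# exported again from this profile, so the PFX stays the only portable copy.
$imported = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation 'Cert:\CurrentUser\My' -Password $password

# cipher /c lists the certificate thumbprints allowed to decrypt the file.
# Strip whitespace so the comparison does not depend on how cipher groups the hex digits.
$cipherOut = (cipher.exe /c $EncryptedFile) -join '' -replace '\s', ''

foreach ($cert in $imported) {
    # Find the Enhanced Key Usage extension, if the certificate has one.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $isEfs = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsOid })

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey      # must be True to decrypt anything
        HasEfsEku     = $isEfs
        NotAfter      = $cert.NotAfter
        CanOpenFile   = ($cipherOut -like "*$($cert.Thumbprint)*")
    }
}
```

A row with `HasPrivateKey` and `CanOpenFile` both `True` means the restored key is the one the file was encrypted to; if `CanOpenFile` is `False`, the backup belongs to a different EFS certificate than the one that protected that file.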

