Tech Tips / Windows XP / Security
Designate a DRA and recover encrypted files
In order to recover users' files, you'll need to create a DRA. However, you must first have a recovery certificate.
Follow these steps to create a DRA certificate:
- Log on as an administrator.
- In the command prompt, type cipher.exe /r:filename.
-
Type the password at the prompt. This will create a new DRA
certificate and the
private key.
After obtaining the certificate, follow these steps to designate a DRA:
- Log on as an administrator or user who will become the DRA.
- Open the Local Security Policy snap-in from the Administrative Tools folder.
- Expand Public Key Policies.
-
Right-click Encrypting File System and select Add Data Recovery
Agent, which
will start the Add Recovery Agent Wizard. -
In the Wizard browser, import the .cer file that was created with
the cipher utility.
This will designate the DRA.
Be sure to place the certificate and private key that was created with the cipher utility in a safe place. Don't leave them on the hard drive, because anyone who obtains them can decrypt the files that were created since the DRA designation.
Note: The DRA can only recover files that are encrypted after its designation. Files created before the DRA are unrecoverable.
Submit your Tech Tips
If you're an experienced IT professional and would like to share your expertise with other Setup32.com readers, why not submit a new tip to our Tech Tips area?
Latest Tech Tips in this category
- Automatically generate and assign strong passwords in Windows XP
- Encrypt the local copy of remote files
- Comparing EFS in Win2K and WinXP
- Right-click to encrypt
- Discover two ways to disable EFS
- How to import the certificate with private key
- How to export your certificate with the private key
- A few more EFS best practices
Certification Links
Contact Us | Advertise | Authors | Subject Index | RSS Feeds 
Copyright ©2009 Setup32.com