Microsoft KB Archive/242296

= HOW TO: Restore an Encrypting File System Private Key for Encrypted Data Recovery in Windows 2000 =

PSS ID Number: 242296

Article Last Modified on 11/13/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional

-



This article was previously published under Q242296



IN THIS TASK

 * SUMMARY
 * Restore the Designated Recovery Agent's EFS Private Key on Another Windows 2000 Installation
 * Troubleshooting
 * REFERENCES



SUMMARY
This article describes how to import an EFS recovery key that was previously exported to a .pfx file on disk using the procedure outlined in the following Microsoft Knowledge Base article:

241201 HOW TO: Back Up Your Encrypting File System Private Key in Windows 2000

If you lose your Encrypting File System (EFS) private key (for example, because the Windows installation on your computer is destroyed), a designated EFS recovery agent must restore the files. The designated recovery agent uses his or her EFS recovery agent private key to decrypt the files so that they can be recovered.


Restore the Designated Recovery Agent's EFS Private Key on Another Windows 2000 Installation

 1. Log on to your computer using the local Administrator account, or an account that is a designated EFS recovery agent.
 2. Browse to the path and file name of the .pfx file to which you exported the EFS recovery agent's private key, and then right-click the file.
 3. Click Install PFX to start the Certificate Import wizard.
 4. Click Next and confirm the file location and name.
 5. Click Next. Type the password for the private key, and then click Next.
 6. Click Place all certificates in the following store, and then click Browse.
 7. Click Personal, and then click OK.
 8. Click Finish, click Yes to add the certificate, and then click OK.


Troubleshooting
After you successfully import the certificate, you should be able to use the local Administrator account or the recovery agent account to decrypt the files on the computer that failed. To confirm this, open one of the encrypted files; it should now be accessible. If you want to make the file accessible to a new user or to the original user, you must decrypt the file by clearing the encryption attribute in the file's Advanced properties. The new user can then re-encrypt the files using his or her own private key.
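The import in steps 1 to 8 above and the decryption check in this Troubleshooting section can also be scripted. The following PowerShell is an added example and is not part of this Knowledge Base article or of Microsoft's documentation. It assumes the Import-PfxCertificate cmdlet from the PKI module, which exists only on later Windows versions (Windows 2000 offers only the wizard), and the paths C:\backup\efs-recovery-agent.pfx and D:\recovered\userdata are placeholders to replace. Before decrypting, it checks that the imported certificate really is a File Recovery certificate with its private key, because a certificate imported without its key cannot decrypt anything.

```powershell
# Added example (not from the KB article): import a recovery agent's backed-up
# .pfx into the current user's Personal store, confirm the File Recovery
# certificate landed together with its private key, then decrypt the
# recovered files with cipher.exe.
# Assumptions: Import-PfxCertificate (PKI module, Windows 8 / Server 2012 and
# later) is available; $PfxPath and $RecoveredFolder are placeholders.

$PfxPath         = 'C:\backup\efs-recovery-agent.pfx'   # placeholder path
$RecoveredFolder = 'D:\recovered\userdata'              # placeholder path
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'           # EKU "File Recovery"

# 1. Prompt for the password that protected the .pfx when it was exported.
$pfxPassword = Read-Host -Prompt 'Password for the .pfx' -AsSecureString

# 2. Import into the Personal store of the account doing the recovery
#    (the scripted equivalent of "Place all certificates in ... Personal").
$imported = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation 'Cert:\CurrentUser\My' -Password $pfxPassword

# 3. Verify that the imported certificate is a File Recovery certificate
#    and that its private key is present; without the key, decryption fails.
$recoveryCert = Get-ChildItem -Path 'Cert:\CurrentUser\My' |
    Where-Object {
        $_.Thumbprint -eq $imported.Thumbprint -and
        $_.HasPrivateKey -and
        (($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }) -contains $FileRecoveryOid)
    }

if (-not $recoveryCert) {
    throw 'Imported certificate is not a File Recovery certificate with a private key; stop here.'
}
Write-Host "Recovery certificate ready: $($recoveryCert.Subject) [$($recoveryCert.Thumbprint)]"

# 4. Decrypt the recovered files in place so they can be handed back to their
#    owner. cipher.exe /d also exists on Windows 2000; /s recurses into the
#    folder and /a makes it operate on files, not only on directories.
#    Decryption succeeds only for files whose recovery field was built for
#    this recovery agent's key.
& cipher.exe /d /s:$RecoveredFolder /a
if ($LASTEXITCODE -ne 0) {
    throw 'cipher.exe reported errors; check that the files were encrypted with this recovery agent as the designated agent.'
}

# 5. Confirm that nothing under the folder still carries the Encrypted attribute.
$stillEncrypted = Get-ChildItem -Path $RecoveredFolder -Recurse -File |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted }
if ($stillEncrypted) {
    $stillEncrypted | ForEach-Object { Write-Warning "Still encrypted: $($_.FullName)" }
} else {
    Write-Host "All files under $RecoveredFolder are now decrypted."
}
```

Run the script from the recovery agent's own logon session, since EFS looks for the private key in the Personal store of the user performing the decryption; importing the .pfx under a different account, or into the machine store, does not give that user access to the files.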


