Saturday, September 2, 2017

Add Recovery Agent for Local Computer

To add a recovery agent for the local computer

    1. Click Start, click Run, type mmc, and then click OK.
    2. On the File menu, click Add/Remove Snap-in, and then click Add.
    3. Under Add Standalone Snap-in, click Group Policy, and then click Add.
    4. Under Group Policy Object, make sure that Local Computer is displayed, and then click Finish.
    5. Click Close, and then click OK.
    6. On the console tree, click Public Key Policies.
    Where is the location?
      • Local Computer Policy
      • Computer Configuration >> Windows Settings >> Security Settings >> Public Key Policies
    7. In the details pane, right-click Encrypted Data Recovery Agents.
    8. Click Add, and then follow the instructions in the Add Recovery Agent wizard.
    Notes
    • You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings might also prevent you from completing this procedure.
    • Adding a recovery agent from a file identifies the user as USER_UNKNOWN. This is because the name is not stored in the file.
    • Before you can add or create a recovery agent, you must configure Group Policy on your computer. For more information about using Group Policy, see Related Topics.
    • In the Add Recovery Agent Wizard, be prepared to provide the wizard with the user name for a user with a published recovery certificate. Alternatively, you can use the wizard to browse for .cer files that contain information about the recovery agent you are adding.

    To back up default recovery keys to a floppy disk

      1. Click Start, click Run, type mmc, and then click OK.
      2. On the File menu, click Add/Remove Snap-in, and then click Add.
      3. Under Add Standalone Snap-in, click Certificates, and then click Add.
      4. Click My user account, and then click Finish.
      5. Click Close, and then click OK.
      6. Double-click Certificates - Current User, double-click Personal, and then double-click Certificates.
      7. Click the certificate that displays the words File Recovery in the Intended Purposes column.
      8. Right-click the certificate, point to All Tasks, and then click Export.
      9. Follow the instructions in the Certificate Export Wizard to export the certificate and associated private key to a .pfx file format.
      Notes
      • This operation must be performed by the recovery agent account that has the recovery certificate and private key in their private store.
      • Before making any changes to the default recovery policy, be sure to secure the default recovery private key. The default recovery keys in a domain are stored on the first domain controller for the domain. The domain administrator is the default recovery agent.
      • For more information about using Certificates in MMC, see Related Topics.
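
A scripted equivalent of steps 6 to 9 of the backup procedure, added here as an example and not part of the original procedure. It assumes Windows 8 / Server 2012 or later (PKI module with Export-PfxCertificate) and is run as the recovery agent account; the output folder and file naming are hypothetical.

```powershell
# Added example: find the File Recovery certificate in the current user's
# Personal store and export it with its private key to a password-protected .pfx.
param(
    [string]$OutDir = 'E:\EFS-DRA-Backup'   # hypothetical removable-media path
)

# Enhanced key usage that the Certificates snap-in displays as "File Recovery"
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'

function Get-FileRecoveryCertificate {
    # Certificates - Current User > Personal > Certificates, filtered on the EKU
    Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $FileRecoveryOid })
    }
}

$certs = @(Get-FileRecoveryCertificate)
if ($certs.Count -eq 0) {
    Write-Warning 'No File Recovery certificate found in Cert:\CurrentUser\My.'
    return
}

# The .pfx holds the recovery private key, so protect it with a password
$password = Read-Host -Prompt 'Password to protect the .pfx files' -AsSecureString
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

foreach ($c in $certs) {
    if (-not $c.HasPrivateKey) {
        # A certificate without its private key cannot decrypt anything;
        # this account is not the one holding the recovery key.
        Write-Warning "$($c.Thumbprint): no private key in this profile, skipped."
        continue
    }
    $pfx = Join-Path $OutDir ('dra-{0}.pfx' -f $c.Thumbprint)
    # Fails with an error if the private key was marked non-exportable
    Export-PfxCertificate -Cert $c -FilePath $pfx -Password $password | Out-Null
    Write-Output "Exported $($c.Subject) (expires $($c.NotAfter.ToString('yyyy-MM-dd'))) to $pfx"
}
```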