Wednesday, March 4, 2009

Recover Encrypted File

To recover an encrypted file or folder if you are a designated recovery agent

  1. Use Backup or another backup tool to restore a user's backup version of the encrypted file or folder to the computer where your file recovery certificate and recovery key are located.
  2. Open Windows Explorer.
  3. Right-click the file or folder and then click Properties.
  4. On the General tab, click Advanced.
  5. Clear the Encrypt contents to secure data check box.
  6. Make a backup version of the decrypted file or folder and return the backup version to the user.

Notes

  • To open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click Windows Explorer.
  • You can return the backup version of the decrypted file or folder to the user as an e-mail attachment, on a floppy disk, or on a network share.
  • You can also physically transport the recovery agent's private key and certificate, import the private key and certificate, decrypt the file or folder, and then delete the imported private key and certificate. This procedure exposes the private key more than the procedure above but does not require any backup or restore operations or file transportation.
  • If you are the recovery agent, use the Export command from Certificates in Microsoft Management Console (MMC) to export the file recovery certificate and private key to a floppy disk. Keep the floppy disk in a secure location. Then, if the file recovery certificate or private key on your computer is ever damaged or deleted, you can use the Import command from Certificates in MMC to replace the damaged or deleted certificate and private key with the ones you have backed up on the floppy disk.
  • For more information about using Certificates in MMC, see Related Topics.
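The recovery-agent procedure above depends on the file recovery certificate and its private key being present on the computer where the file is restored. The PowerShell sketch below is an added example, not part of the original post: it checks that precondition before decrypting a single file. The function names and the sample path are hypothetical, and it assumes a Windows installation with PowerShell and the .NET Framework available.

```powershell
# Added example: hypothetical helpers, not from the original post.
# OID of the "File Recovery" enhanced key usage carried by EFS recovery agent certificates.
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'

function Get-EfsRecoveryCertificate {
    # Certificates in the current user's Personal store that carry the
    # File Recovery EKU and whose private key is present on this computer.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $cert = $_
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        } | Select-Object -First 1
        $cert.HasPrivateKey -and $eku -and
            (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $FileRecoveryOid)
    }
}

function Restore-EfsFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    $item = Get-Item -LiteralPath $Path -Force
    if ($item.PSIsContainer) { throw "$Path is a folder; this sketch handles single files only." }
    if (-not ($item.Attributes -band [System.IO.FileAttributes]::Encrypted)) {
        Write-Warning "$Path is not EFS-encrypted; nothing to do."
        return $true
    }

    # Refuse to continue if no usable recovery key is on this machine.
    $agents = @(Get-EfsRecoveryCertificate)
    if ($agents.Count -eq 0) {
        throw 'No file recovery certificate with a private key in Cert:\CurrentUser\My.'
    }
    $agents | ForEach-Object { Write-Host "Recovery certificate: $($_.Subject) [$($_.Thumbprint)]" }

    # Same effect as clearing "Encrypt contents to secure data" in Explorer.
    [System.IO.File]::Decrypt($item.FullName)

    # Confirm the Encrypted attribute is gone before handing the file back.
    $item.Refresh()
    return -not ($item.Attributes -band [System.IO.FileAttributes]::Encrypted)
}

# Constructed sample path for illustration:
# Restore-EfsFile -Path 'C:\Restore\report.doc'
```

A recovery certificate being present does not guarantee it is one the file was encrypted for; in that case the decrypt call fails with an access-denied error and the file stays encrypted.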

To recover an encrypted file or folder without the file encryption certificate

  1. Open Backup.
  2. Use Backup to make a copy of the file in case of loss or damage.
  3. Send the original encrypted file to the designated recovery agent.
  4. Have the recovery agent use their recovery certificate and private key to decrypt the file.
  5. Have the recovery agent send the decrypted file back to you, using whatever file transfer method you prefer.

Notes

  • To start Backup, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup.
  • The administrator of the local computer is the default recovery agent, unless you are in an Active Directory domain environment. In an Active Directory domain environment, the administrator that initially logged on to the first domain controller is the default recovery agent.
  • Sending the file to the designated recovery agent can be done in a number of ways, including backing the file up to tape or floppy disk.
  • Files backed up using Backup or any other backup tool retain their encryption while in their backup storage location. The original files can be decrypted or modified without affecting the encrypted state of the backup copies.
  • You can recover an encrypted file or folder yourself if you have kept a backup copy of your file encryption certificate and private key in a .pfx file on a floppy disk. Use the import command from Certificates in Microsoft Management Console (MMC) to import the .pfx file from the floppy disk into the Personal store.
  • For more information about using Certificates in MMC, see Related Topics.

 
