A data recovery agent is a user account authorized to access files protected by EFS. Windows XP Professional does not automatically create local data recovery agents for standalone computers or workgroup members. You must manually create and register a data recovery certificate on your computer. The data recovery agent can only recover data that was encrypted after the data recovery certificate was created and the data recovery agent was registered.
Important: If you encrypted some files and folders before creating a data recovery agent, we recommend that you decrypt these files and folders and then encrypt them again after registering the data recovery agent.
Requirements
• The easiest way to create a data recovery certificate is to use the cipher.exe utility.
• To register a data recovery agent for a local computer, you must be a member of the local Administrators group.
Create a data recovery certificate
1. Click Start, click Run, type cmd, and then click OK.
2. Type cipher /R:Filename, and then press Enter.
Note: Use a file name that is meaningful to you. Do not add an extension to the file name.
3. When prompted, enter a strong password and press Enter. You will be prompted to enter the password twice to confirm that it is correct.
This process creates two files in the \Documents and Settings\Username folder: Filename.pfx, which contains the private key of the data recovery certificate, and Filename.cer, which is used to configure the recovery policy for the local computer.
After these keys are generated, you must modify the recovery policy for the Local Computer to register a new data recovery agent. This allows you to use a new data recovery certificate to restore encrypted files on your computer.
After registering the new data recovery agent, copy Filename.pfx and Filename.cer to secure backup media, delete them from the local computer, and store the backup copies in a secure location.
To register a data recovery agent for a local computer
1. Click Start, click Run, type mmc, and then click OK.
2. On the File menu, click Add/Remove Snap-in. Click Add.
3. In the Add Standalone Snap-in dialog box, click Group Policy. Click Finish.
4. Under Group Policy Object, make sure that Local Computer is displayed. Click Finish.
5. In the Add Standalone Snap-in dialog box, click Close, and then in the Add/Remove Snap-in dialog box, click OK.
6. In Local Computer Policy, navigate to Computer Configuration\Windows Settings\Security Settings\Public Key Policies. Right-click Encrypting File System, and then click Add Data Recovery Agent. When the Add Recovery Agent Wizard starts, click Next.
7. In Select Recovery Agents, click Browse Folders to browse to the data recovery certificate created in the previous procedure (Filename.cer), select the certificate, click Open, and then click Next.
Verify that a data recovery agent has been created
After you register the data recovery agent certificate in the local security policy, the final page of the Add Recovery Agent Wizard is displayed to notify you that the wizard completed successfully. Review the information about the user specified as the data recovery agent, and then click Finish.
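The command-line parts of the procedure above (creating the certificate, then backing up and removing the key files once the agent is registered), as an added example that is not part of the original article. The script name dra.cmd, its create and backup verbs, and the backup folder are assumptions; registration itself is still done in the MMC snap-in as described.

```bat
@echo off
rem Added example, not from the original article. dra.cmd, the "create" and
rem "backup" verbs and the backup folder are hypothetical names.
rem   dra.cmd create NAME            run before registering the agent
rem   dra.cmd backup NAME E:\DRA     run after registering the agent
rem NAME must not contain spaces and must not carry an extension.
setlocal
if "%~2"=="" goto usage
set "NAME=%~2"
rem The article states the files are created under \Documents and Settings\Username.
cd /d "%USERPROFILE%" || exit /b 1
if /i "%~1"=="create" goto create
if /i "%~1"=="backup" goto backup
:usage
echo Usage: %~nx0 create NAME ^| backup NAME BACKUPDIR
exit /b 2

:create
rem cipher prompts twice for the password that protects the .pfx file.
cipher /R:%NAME%
if not exist "%NAME%.PFX" (echo %NAME%.PFX was not created & exit /b 1)
if not exist "%NAME%.CER" (echo %NAME%.CER was not created & exit /b 1)
echo Register %NAME%.CER in the local recovery policy, then run the backup step.
rem List files that are already encrypted, without updating their keys.
rem These predate the agent: decrypt and re-encrypt them after registration.
cipher /U /N
exit /b 0

:backup
if "%~3"=="" goto usage
for %%E in (PFX CER) do (
  copy /y "%NAME%.%%E" "%~3\" >nul || (echo Copy of %NAME%.%%E failed & exit /b 1)
  fc /b "%NAME%.%%E" "%~3\%NAME%.%%E" >nul || (echo Backup of %NAME%.%%E differs & exit /b 1)
)
rem Delete the local copies only after both backups compared byte for byte.
rem del does not overwrite the data; cipher /W:folder wipes the freed space.
del "%NAME%.PFX" "%NAME%.CER"
exit /b 0
```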
Protect sensitive information on Windows XP Professional in the workgroup to prevent theft