To add a recovery agent for the local computer

1. Click Start, click Run, type mmc, and then click OK.

2. On the File menu, click Add/Remove Snap-in, and then click Add.

3. Under Add Standalone Snap-in, click Group Policy, and then click Add.

4. Under Group Policy Object, make sure that Local Computer is displayed, and then click Finish.

5. Click Close, and then click OK.

6. On the console tree, click Public Key Policies.

   Where? Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Public Key Policies

7. In the details pane, right-click Encrypted Data Recovery Agents.

8. Click Add, and then follow the instructions in the Add Recovery Agent wizard.

Note

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 

Adding a recovery agent from a file identifies the user as USER_UNKNOWN. This is because the name is not stored in the file.

Before you can add or create a recovery agent, you must configure Group Policy on your computer. For more information about using Group Policy, see Related Topics.

In the Add Recovery Agent Wizard, be prepared to provide the wizard with the user name for a user with a published recovery certificate. Alternatively, you can use the wizard to browse for .cer files that contain information about the recovery agent you are adding.
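Because the wizard shows no user name for a recovery agent added from a file, it helps to inspect the .cer file before browsing to it. The following PowerShell is an added example, not part of the original procedure: the function name Test-RecoveryAgentCertificate is hypothetical, the sample certificate is constructed on the fly, and it assumes PowerShell 7 or Windows PowerShell on .NET Framework 4.7.2 or later.

```powershell
# Added example: inspect a .cer file before selecting it in the Add Recovery Agent wizard.
$EfsRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # "File Recovery" enhanced key usage

function Test-RecoveryAgentCertificate {        # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        (Resolve-Path -LiteralPath $Path).ProviderPath)
    # Collect the enhanced key usage OIDs, if the certificate carries that extension.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $oids = @()
    if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    $now = Get-Date
    [pscustomobject]@{
        Subject            = $cert.Subject      # compare with the agent you expect
        Thumbprint         = $cert.Thumbprint   # compare with the value obtained out of band
        NotAfter           = $cert.NotAfter
        HasFileRecoveryEku = $oids -contains $EfsRecoveryOid
        CurrentlyValid     = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ContainsPrivateKey = $cert.HasPrivateKey  # a .cer holds the public certificate only
    }
}

# Constructed sample input: a throwaway self-signed certificate with the File Recovery EKU.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Constructed Recovery Agent', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$usages = [System.Security.Cryptography.OidCollection]::new()
[void]$usages.Add([System.Security.Cryptography.Oid]::new($EfsRecoveryOid))
$req.CertificateExtensions.Add(
    [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new($usages, $false))
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5), [DateTimeOffset]::Now.AddDays(30))

# Write the public certificate to a temporary .cer file, inspect it, then clean up.
$file = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-dra.cer'
[System.IO.File]::WriteAllBytes($file, $sample.Export('Cert'))
Test-RecoveryAgentCertificate -Path $file | Format-List
Remove-Item -LiteralPath $file
```

For the constructed sample, HasFileRecoveryEku and CurrentlyValid are True and ContainsPrivateKey is False; a file that fails either of the first two checks should not be added as a recovery agent.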

Using Group Policy

Recovering data

