To recover an encrypted file or folder without the file encryption certificate


Open Backup 


Use Backup to make a copy of the file in case of loss or damage.


Send the original encrypted file to the designated recovery agent.


Have the recovery agent use their recovery certificate and private key to decrypt the file.


Have the recovery agent send the decrypted file back to you, using any file transfer method that is desired.


To start Backup, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup

The administrator of the local computer is the default recovery agent, unless you are in an Active Directory domain environment. In an Active Directory domain environment, the administrator that initially logged on to the first domain controller is the default recovery agent.

Sending the file to the designated recovery agent can be done in a number of ways, including backing up the file up to tape or floppy disk.

Files backed up using Backup or any other backup tool retain their encryption while in their backup storage location. The original files can be decrypted or modified without affecting the encrypted state of the backup copies.

You can recover an encrypted file or folder yourself if you have kept a backup copy of your file encryption certificate and private key in a .pfx file on a floppy disk. Use the import command from Certificates in Microsoft Management Console (MMC) to import the .pfx file from the floppy disk into the Personal store.

For more information about using Certificates in MMC, see Related Topics.

Recovering data

Using Backup

Using Certificates

© 2016 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies