To back up default recovery keys to a floppy disk
1. | Click Start, click Run, type mmc, and then click OK. |
2. | On the File menu, click Add/Remove Snap-in, and then click Add. |
3. | Under Add Standalone Snap-in, click Certificates, and then click Add. |
4. | Click My user account, and then click Finish. |
5. | Click Close, and then click OK. |
6. | Double-click Certificates - Current User, double-click Personal, and then double-click Certificates. |
7. | Click the certificate that displays the words File Recovery in the Intended Purposes column. |
8. | Right-click the certificate, point to All Tasks, and then click Export. |
9. | Follow the instructions in the Certificate Export Wizard to export the certificate and associated private key to a .pfx file format. |
Note
| • | This operation must be performed by the recovery agent account that has the recovery certificate and private key in their private store. |
| • | Before making any changes to the default recovery policy, be sure to secure the default recovery private key. The default recovery keys in a domain are stored on the first domain controller for the domain. The domain administrator is the default recovery agent. |
| • | For more information about using Certificates in MMC, see Related Topics. |
