To add a recovery agent for a domain

1. Open Active Directory Users and Computers.

2. Right-click the domain whose recovery policy you want to change, and then click Properties.

3. Click the Group Policy tab.

4. Right-click the recovery policy you want to change, and then click Edit.

5. In the console tree, click Encrypted Data Recovery Agents.

   Where?

   Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Encrypted Data Recovery Agents

6. In the details pane, right-click, then click Add, and follow the instructions.

Note

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 

To start Active Directory Users and Computers, open a Remote Desktop Connection to either a Windows 2000 domain controller or a member server that has Windows 2000 Administration Tools installed. You must log on to the server as a domain administrator in order to complete this procedure.

This operation can be performed on any sites, domains or organizational units within an Active Directory forest.

Adding a recovery agent from a file identifies the user as USER_UNKNOWN. This is because the name is not stored in the file.

Before you can add or create a recovery agent, you must configure Group Policy on your computer. For more information about using Group Policy, see Related Topics.


Related Topics

Recovering data

Encrypting File System overview

Decrypt a file or folder

Encrypt a file or folder

Cipher

