To add a recovery agent for a domain

1. Open Active Directory Users and Computers.

2. Right-click the domain whose recovery policy you want to change, and then click Properties.

3. Click the Group Policy tab.

4. Right-click the recovery policy you want to change, and then click Edit.

5. In the console tree, click Encrypted Data Recovery Agents.

   Where? Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Encrypted Data Recovery Agents

6. In the details pane, right-click, then click Add, and follow the instructions.

Note

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 

To start Active Directory Users and Computers, open a Remote Desktop Connection to either a Windows 2000 domain controller or a member server that has Windows 2000 Administration Tools installed. You must log on to the server as a domain administrator in order to complete this procedure.

This operation can be performed on any sites, domains or organizational units within an Active Directory forest.

Adding a recovery agent from a file identifies the user as USER_UNKNOWN. This is because the name is not stored in the file.

Before you can add or create a recovery agent, you must configure Group Policy on your computer. For more information about using Group Policy, see Related Topics.
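Because a recovery agent added from a file is listed as USER_UNKNOWN, the certificate file itself is the only place to confirm whose key is being given recovery rights. The following is an added example, not part of the original help topic: it assumes a management workstation with PowerShell 3.0 or later, and the function name and file name are hypothetical.

```powershell
# Added example: inspect a recovery agent certificate (.cer) before adding it
# to the Encrypted Data Recovery Agents policy from a file.
function Test-RecoveryAgentCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path    # assumed: path to the exported .cer file
    )

    # Object identifier of the EFS "File Recovery" enhanced key usage.
    $fileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'

    # Load the certificate from the file (public part only for a .cer).
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

    # Collect the enhanced key usage OIDs carried by the certificate, if any.
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }

    $now = Get-Date
    [pscustomobject]@{
        Subject         = $cert.Subject      # who the policy entry really is
        Issuer          = $cert.Issuer
        Thumbprint      = $cert.Thumbprint   # compare out of band with the exporter
        NotBefore       = $cert.NotBefore
        NotAfter        = $cert.NotAfter
        WithinValidity  = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        HasFileRecovery = ($ekuOids -contains $fileRecoveryOid)
    }
}

# Usage (hypothetical file name):
#   Test-RecoveryAgentCertificate -Path '.\recovery-agent.cer' | Format-List
```

Record the Subject and Thumbprint alongside the policy change so the USER_UNKNOWN entry can later be traced to a named recovery agent.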

Related Topics

Recovering data

Encrypting File System overview

Decrypt a file or folder

Encrypt a file or folder

Cipher


