1. Open Active Directory Users and Computers.
2. Right-click the domain whose recovery policy you want to change, and then click Properties.
3. Click the Group Policy tab.
4. Right-click the recovery policy you want to change, and then click Edit.
5. In the console tree, click Encrypted Data Recovery Agents.
   Where? Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Encrypted Data Recovery Agents
6. In the details pane, right-click the Encrypted Data Recovery Agent and click the appropriate action you want to take.

• Before changing the recovery policy in any way, you should first back up the recovery keys to a floppy disk.

Note
• You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.
• To start Active Directory Users and Computers, open a Remote Desktop Connection to either a Windows 2000 domain controller or a member server that has Windows 2000 Administration Tools installed. You must log on to the server as a domain administrator in order to complete this procedure.
• You can right-click Encrypted Data Recovery Agents to see the changes you can make.
• In a domain, a default recovery policy is implemented for the domain when the first domain controller is set up. The first domain administrator is issued the self-signed certificate, which designates the domain administrator as the recovery agent. To change the default recovery policy for a domain, log on to the first domain controller as an administrator.
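
The key backup recommended before changing the recovery policy, as an added example that is not part of the original procedure. It assumes Windows 8 / Server 2012 or later with the PKI PowerShell module, that you are logged on as the recovery agent so the certificate is in your personal store, and a hypothetical backup path `E:\DRA-Backup` standing in for the floppy disk.

```powershell
# Added example: export every EFS recovery agent certificate (with its private
# key) from the current user's personal store to password-protected PFX files.
# Assumption: run as the recovery agent account on Windows 8 / Server 2012 or later.
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # "File Recovery" enhanced key usage
$BackupDir       = 'E:\DRA-Backup'              # hypothetical removable-media path

# Only certificates that carry the File Recovery EKU and still have a private
# key on this machine can be used to recover encrypted files.
$agents = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $FileRecoveryOid)
})
if ($agents.Count -eq 0) {
    throw 'No File Recovery certificate with a private key found in Cert:\CurrentUser\My.'
}

$password = Read-Host -AsSecureString -Prompt 'Password to protect the PFX files'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($cert in $agents) {
    $pfx = Join-Path -Path $BackupDir -ChildPath ("dra-{0}.pfx" -f $cert.Thumbprint)
    try {
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $password -ErrorAction Stop |
            Out-Null
        # Report what was saved so the backup can be checked against the policy later.
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            BackupFile = $pfx
        }
    }
    catch {
        # Typical cause: the private key was marked non-exportable.
        Write-Warning ("Could not export {0}: {1}" -f $cert.Thumbprint, $_.Exception.Message)
    }
}
```

Keep the PFX files offline and store the password separately from them; anyone holding both can decrypt every file the recovery policy covers.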