EFS and Certificates on Standalone XP Pro

[Charlie Chong]

Ok, I want to make use of EFS Encrypted Filesystem with
the use of a Recovery Certificate, so that if one of the
users of this machine leaves, and he or she forgets to
decrypt the files, a dedicated account can use recovery
certificate to gain access.

I am having a problem though getting the system to allow
the creation of the EFS Recovery association and the
dedicated account.

Any pointers or suggestions will be appreciated.

I used MMC to create a personal certificate for the sole
purpose of EFS recovery.

I then exported this certificate to a file, so I could
run the DATA RECOVERY AGENT WIZARD and specify this new
EFS RECOVERY FILE which holds the certificate and public
key information.

But when I try to specify it, the WIZARD says the
certificate is usless with respect to EFS Recovery, and
proceeds to ask me again for a new file.

I am sure I missed something important, however, after
gleaning the bundled documentation, and searching the WWW
for tips, I have become a little frustrated, and am
hoping someone here can help.

Thanks in advance!!!!

 

[Charlie chong]

I found out by much reading, that one must run the cipher
command with the /r:<filenane> argument first to create
the certificate for EFS Recovery Agent.

Man, something so easy, not so clear...hmmmmm why?...lol

 

[Drew Cooper [MSFT]]

IIRC, it was addededue to changes later in the cycle. And it was more of a
"geek" feature than an "average user" feature, so support through cmdline
tool, but not necessarily easy through UI.