Steve,
You have made a pfx. Great. Keep it safe, off of your machine,
on media that will not degrade, and do not forget the password.
If you delete the current EFS cert from your personal certificates,
then when you first use EFS after that a new EFS cert/key will be
generated. So, you could end up with some files encrypted by
different certs needing different keys to decrypt.
Before you use EFS in earnest, I would suggest that you first:
1. decrypt anything important, or at least have another copy
that is in the clear.
2. define a DRA, export its pfx, and perhaps have its key removed
from the system when you are done with experimenting and
define the final DRA for real use
Use an account as the DRA that you do not normally ever use
in order to reduce chances that it may get its profile corrupted.
3. experiment !!
With no files in jeopardy of complete loss, try encrypting some
files, removing your key, trying to access the files and failing,
importing your key, retrying and succeeding.
Import the pfx into a second file and try accessing the files.
Do the above with the DRA.
4. Check out the effect of administratively resetting the password
of the encrypting (or DRA) account. If the password is changed
using the interface that requires entry of the old password, there
is no interruption in access. If the administrative reset password
interface is used however, access is intentionally disrupted.
Make and use password disks feature available in User Accounts
control panel applet. (After an administrative reset, use the same
method to reset it back to what it was to regain EFS access.)
After you have a sense of the ways to handle EFS pfx files, etc.
then EFS is a very convenient and safe thing to use. This is
especially so if you read over the docs that have been referenced.
Remember, access to your EFS protected files is only as good
as your protection over unauthorized people being able to use
the encrypting account, or the DRA if the key is loaded in it.
Roger
