If a certificate that is used to encrypt data with Encrypting File System (EFS) is lost, the data cannot be recovered unless a key recovery agent has been configured. Establishing a key archival and recovery plan based on Microsoft certification authority (CA) certificates can help you protect your organization's data resources from becoming irretrievable if the original EFS key is no longer accessible.

Task Reference

Set up additional subordinate CAs. (Optional)

Install a Subordinate Certification Authority

Install and configure certificate templates.

Managing Certificate Templates (http://go.microsoft.com/fwlink/?LinkId=142230)

Configure key archival and recovery.

Managing Key Archival and Recovery

Configure certificate enrollment.

Managing Certificate Enrollment

  • Checklist: Configure CAs to Issue and Manage Certificates
  • Checklist: Enhance Certificate Revocation Checking in Diverse Environments by Setting Up an Online Responder Array