Add a recovery agent for the local computer

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To add a recovery agent for the local computer

Click Start, click Run, type mmc, and then click OK.
On the File menu, click Add/Remove Snap-in, and then click Add.
Under Add Standalone Snap-in, click Group Policy Object Editor, and then click Add.
Under Group Policy Object, make sure that Local Computer is displayed, and then click Finish.
Click Close, and then click OK.
In Local Computer Policy, click Public Key Policies.

Where?
- Local Computer Policy/Computer Configuration/Windows Settings/Security Settings/Public Key Policies
In the details pane, right-click Encrypting File System.
Click Add Data Recovery Agent, and then follow the instructions in the Add Recovery Agent Wizard.

Notes

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
Be prepared to provide the wizard with the user name for a user with a published recovery certificate. Alternatively, you can use the wizard to browse for .cer files that contain information about the recovery agent you are adding.
Adding a recovery agent from a file identifies the user as USER_UNKNOWN. This is because the name is not stored in the file.
Before you can add or create a recovery agent, you must configure Group Policy on your computer. For more information about using Group Policy, see Related Topics.

Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.