Your network consists of one Active Directory domain. You have two computers named Computer1
and Computer2 that run Windows 7. Both computers are members of the domain.
From Computer1, you can recover all Encrypting File System (EFS) encrypted files for users in the
domain.
You need to ensure that you can recover all EFS encrypted files from Computer2.
What should you do?
A.
On Computer1, back up %systemroot%\DigitalLocker. On Computer2, restore
%systemroot%\DigitalLocker.
B.
On Computer1, export the data recovery agent certificate. On Computer2, import the data
recovery agent certificate.
C.
On Computer1, run Secedit.exe and specify the /export parameter. On Computer2, run
Secedit.exe and specify the /import parameter.
D.
On Computer1, run Cipher.exe and specify the /removeuser parameter. On Computer2, run
Cipher.exe and specify the /adduser parameter.
Explanation:
You can import the recovery agent to another computer running Windows 7 if you want to recover
files encrypted on the first computer. You can also recover files on another computer running
Windows 7 if you have exported the EFS keys from the original computer and imported them on the
new computer. You can use the Certificates console to import and export EFS keys.
NOT Secedit.exe:
You can use both the Local Group Policy Editor and the Local Security Policy console to import and
export security-related Group Policy settings. You can use this import and export functionality to
apply the same security settings to stand-alone computers that are not part of a domain
environment. Exported security files are written in Security Template .inf format. As well as using
Local Group Policy Editor and the Local Security Policy console to import policies that are stored in
.inf format, you can apply them using the Secedit.exe command-line utility.
NOT Cipher.exe /removeuser /adduser.
NOT DigitalLocker.