You have a computer that runs Windows 7. You create an Encrypting File System (EFS) recovery key and certificate. You need to ensure that your user account can decrypt all EFS files on the computer. What should you do?
A. From Credential Manager, add a Windows credential.
B. From Credential Manager, add a certificate-based credential.
C. From the local computer policy, add a data recovery agent.
D. From the local computer policy, modify the Restore files and directories setting.
Explanation:
EFS Recovery
Recovery Agents are certificates that allow the restoration of EFS encrypted files. When a recovery agent has been specified using local policies, all EFS encrypted files can be recovered using the recovery agent private key. You should specify a recovery agent before you allow users to encrypt files on a client running Windows 7. You can recover all files that users encrypt after the creation of a recovery agent using the recovery agent's private key. You are not able to decrypt files that were encrypted before a recovery agent certificate was specified.
You create an EFS recovery agent by performing the following steps:
1. Log on to the client running Windows 7 using the first account created, which is the default administrator account.
2. Open a command prompt and issue the command Cipher.exe /r:recoveryagent
3. This creates two files: Recoveryagent.cer and Recoveryagent.pfx. Cipher.exe prompts you to specify a password when creating Recoveryagent.pfx.
4. Open the Local Group Policy Editor and navigate to the Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Encrypting File System node. Right-click this node and then click Add Data Recovery Agent. Specify the location of Recoveryagent.cer to specify this certificate as the recovery agent.
5. To recover files, use the certificates console to import Recoveryagent.pfx. This is the recovery agent's private key. Keep it safe because it can be used to open any encrypted file on the client running Windows 7.