| <<< EFS Best Practices | Index | EFS Details >>> |
If the person who encrypted the file loses that certificate and the associated private key, data recovery is performed through the recovery key agent.
In case of a Windows 200X server-based network, which uses Active Directory, the recovery agent is assigned by default to the domain administrator.
The recovery agent holds a special certificate and related private key.
The recovery certificate is issued by a certification authority (CA).
Using the recovery certificate and its related private key, the agent can recover the data.
| <<< EFS Best Practices | Index | EFS Details >>> |