Checklist: Protect Encrypted Data from Loss by Enabling Key Archival and Recovery

Applies To: Windows Server 2008

If a certificate that is used to encrypt data with Encrypting File System (EFS) is lost, the data cannot be recovered unless a key recovery agent has been configured. Planning for and establishing a key archival and recovery plan based on Microsoft certification authority (CA) certificates can help you protect your organization's data resources from becoming irretrievable if the original EFS key is no longer accessible.

| Task | Reference |
| --- | --- |
| Set up additional subordinate CAs. (Optional) | Install a Subordinate Certification Authority |
| Install and configure certificate templates. | Managing Certificate Templates |
| Configure key archival and recovery. | Managing Key Archival and Recovery |
| Configure certificate enrollment. | Managing Certificate Enrollment |