Article ID: 257705 - View products that this article applies to.
This article was previously published under Q257705
This article has been archived. It is offered "as is" and will no longer be updated.
This article describes how to reinitialize the local recovery policy on a Windows 2000-based computer. This process does not reinitialize a domain recovery policy. For Windows 2000-based domain members, the local recovery policy is superseded by the domain recovery policy.
Encrypting File System (EFS) provides built-in data recovery by enforcing a recovery policy requirement. The requirement is that a recovery policy must be in place before you can encrypt files. The recovery policy provides for a person to be designated as the recovery agent. When an administrator logs on to the computer for the first time, a default recovery policy is automatically created, which makes that account the recovery agent.
The local recovery policy contains the EFS Recovery certificate for the Recovery agent. As long as the policy is populated with this certificate, users can encrypt files. It is possible, however, to lose the private key associated with the Recovery certificate (if the user profile is deleted, for example). If this occurs, the Recovery agent is unable to recover any encrypted files.
Computers that are in a workgroup are most susceptible to this. Computers that are members of a domain inherit their recovery policy from that domain.