CIS 170F: Windows 7 Administration

Week 5

Managing File Systems
Encrypted File System (EFS)
Data Recovery Agent (DRA)

If you install Windows 7 on a stand-alone computer or on a computer that is part of a workgroup, then no DRA is created by default. To manually create a DRA, use the Cipher command-line utility as follows:

Cipher /R:filename
The /R switch generates two files: one with a .pfx extension and one with a .cer extension. The PFX file holds the private key used for data recovery, and the CER file holds the self-signed EFS recovery agent certificate (the public key).

The CER file (self-signed public key certificate) can then be imported by an administrator into the local security policy, and the PFX file (private key) can be stored by an administrator in a secure location.

After you create the public and private keys to be used with EFS, perform the following steps to specify the DRA through Local Security Policy:

  1. Through Local Security Policy, which you can access through Administrative Tools or the Local Computer Policy MMC snap-in, expand Public Key Policies and then Encrypting File System.
  2. Right-click Encrypting File System and select Add Data Recovery Agent.
  3. The Add Recovery Agent Wizard starts. Click Next to continue.
  4. The Select Recovery Agents screen appears. Click the Browse Folders button to access the CER file you created with the Cipher /R:filename command. Select the certificate and click Next.
  5. The Completing The Add Recovery Agent Wizard screen appears. Confirm that the settings are correct and click Finish. You will see the data recovery agent listed in the Local Security Settings dialog box, under Encrypting File System.
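The following PowerShell script is an added example, not part of the course notes, that scripts the command-line half of the procedure above: it generates the recovery key pair with Cipher /R, checks that the resulting CER file really carries the EFS File Recovery enhanced key usage (OID 1.3.6.1.4.1.311.10.3.4.1) before it is imported through Local Security Policy, moves the PFX off the system disk, and, once the Add Recovery Agent Wizard has been completed, uses Cipher /U and Cipher /C to confirm that existing encrypted files now list the new DRA. The base name EFSRecovery, the archive path E:\EFS-DRA-Backup, and the sample file path are placeholders you would replace; the script assumes an elevated PowerShell session on Windows 7.

```powershell
# Added example (not from the course notes). Assumes an elevated PowerShell
# session on Windows 7. All paths and names below are placeholders.

function New-EfsDraKeyPair {
    param(
        [string]$BaseName    = "EFSRecovery",        # produces EFSRecovery.cer / .pfx
        [string]$SecureStore = "E:\EFS-DRA-Backup"   # placeholder: offline/removable media
    )

    # Step 1: create the self-signed recovery certificate (.cer) and the
    # private key (.pfx). cipher prompts interactively for a PFX password.
    cipher "/R:$BaseName"
    if ($LASTEXITCODE -ne 0) { throw "cipher /R failed with exit code $LASTEXITCODE" }

    $cerPath = Join-Path (Get-Location) "$BaseName.cer"
    $pfxPath = Join-Path (Get-Location) "$BaseName.pfx"
    foreach ($p in $cerPath, $pfxPath) {
        if (-not (Test-Path $p)) { throw "Expected output file not found: $p" }
    }

    # Step 2: confirm the .cer is an EFS recovery certificate before it is
    # imported into Local Security Policy. The File Recovery EKU OID is
    # 1.3.6.1.4.1.311.10.3.4.1; a certificate without it is not a valid DRA.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
    $ekuOids = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } }
    if ($ekuOids -notcontains "1.3.6.1.4.1.311.10.3.4.1") {
        throw "Certificate lacks the File Recovery EKU; do not add it as a DRA"
    }
    Write-Host "Subject:    $($cert.Subject)"
    Write-Host "Thumbprint: $($cert.Thumbprint)"
    Write-Host "Expires:    $($cert.NotAfter)"

    # Step 3: get the private key off the machine. The .pfx can decrypt every
    # user's EFS files, so it belongs in a secure offline location, not on
    # the system disk next to the data it protects.
    if (-not (Test-Path $SecureStore)) {
        New-Item -ItemType Directory -Path $SecureStore | Out-Null
    }
    Move-Item -Path $pfxPath -Destination $SecureStore
    Write-Host "PFX archived to $SecureStore. Import $cerPath through Local Security Policy now."
}

function Update-EfsDraCoverage {
    param(
        [string]$SampleFile = "C:\Users\Public\Documents\secret.txt"   # placeholder
    )

    # Step 4 (run only after the Add Recovery Agent Wizard has finished):
    # files encrypted before the DRA existed do not carry the recovery key
    # until they are rewritten. /U /N only lists them; /U rewrites them with
    # the new recovery agent key. On a large disk this can take a while.
    Write-Host "Encrypted files that will be updated:"
    cipher /U /N
    cipher /U

    # Step 5: spot-check one encrypted file. The "Recovery Certificates"
    # section of the output must now list the DRA's thumbprint; if it is
    # missing, the policy was not applied or the file was not updated.
    if (Test-Path $SampleFile) {
        cipher /C $SampleFile
    } else {
        Write-Host "Sample file $SampleFile not found; pick any encrypted file to check."
    }
}

# Usage: run New-EfsDraKeyPair, complete the wizard in Local Security Policy,
# then run Update-EfsDraCoverage to confirm existing files picked up the DRA.
New-EfsDraKeyPair
# Update-EfsDraCoverage   # uncomment after the wizard has been completed
```

Running the two functions in separate sessions mirrors the procedure: the GUI wizard sits between generating the key pair and updating existing files, and the Cipher /C output is the only quick way to see that a given file can actually be recovered with the new agent rather than only with the user's own certificate.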