CIS 170F: Windows 7 Administration

Week 5

Managing File Systems
Encrypted File System (EFS)
Securing the Recovery Certificate

Your capability to recover encrypted files hinges on two factors:

  • Being listed by the Windows Local or Group Security Policy as a designated recovery agent.
  • Possessing the file recovery certificate that holds the recovery key data.

With a few dirty tricks, it's possible for someone who steals your computer to get himself or herself in as an administrator and pose as the recovery agent. If you really want to ensure the privacy of your files with EFS, you have to save the file recovery certificate on a floppy disk or other removable medium and remove the certificate from your computer.

To back up and remove the recovery certificate, do the following:

  1. Click the Start button and type mmc in the Search box.
  2. When the Console appears, select File, Add/Remove Snap-In.
  3. When the Add or Remove Snap-Ins dialog box appears, double-click Certificates, select My User Account, then click Finish.
  4. Click OK.
  5. In the left pane, expand Certificates - Current User, then Personal, then Certificates.
  6. In the middle pane, you should see a certificate listed with its Intended Purposes shown as Encrypting File System. If this certificate is not present and you're on a domain network, your domain administrator has done this job for you and you don't need to proceed any further.
  7. Right-click the EFS certificate entry and select All Tasks, Export to launch the Certificate Export Wizard.
  8. Click Next and then select Yes, Export the Private Key, and click Next.
  9. Select Personal Information Exchange and click Next.
  10. Enter a password twice to protect this key. (You must remember this password!)
  11. Specify a path and filename to be used to save the key. If your system has a floppy drive, insert a blank, formatted floppy disk and type the path and filename, such as a:\recovery.pfx (not case sensitive). Otherwise, you can insert a writeable CD or DVD (recommended) or a USB flash memory drive (not recommended for permanent storage) and type the path and filename. If you use CD or DVD media, click Next and then Finish.
  12. A dialog box appears stating that the export was successful; click OK.
  13. Click Finish.
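The same export done from PowerShell, as an added script that is not part of the course material: it locates the certificate the console lists as Encrypting File System, writes it to a password-protected PFX, and goes one step beyond the wizard by reading the file back to verify it before the store copy is optionally removed. The output path E:\recovery.pfx (standing in for the removable medium) and the EKU OID used as the filter are assumptions.

```powershell
# Added example, not from the course material: export the current user's
# "Encrypting File System" certificate to a password-protected PFX (wizard
# steps 5-13), read it back to verify, and optionally remove the store copy.
# Assumed values: the -OutFile path and the EKU OID used to find the cert.
param(
    [string]$OutFile = 'E:\recovery.pfx',   # assumed removable-media path
    [switch]$RemoveFromStore                # delete the store copy after a verified backup
)
# Helper: reveal a SecureString only long enough to compare the two prompts
function ConvertFrom-Secure([Security.SecureString]$s) {
    $p = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($s)
    try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($p) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($p) }
}
$efsOid = '1.3.6.1.4.1.311.10.3.4'   # EKU shown as "Encrypting File System" in the console

# Steps 5-6: Certificates - Current User > Personal > Certificates, EFS entries with a key
$certs = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $efsOid })
})
if ($certs.Count -eq 0) { Write-Host 'No EFS certificate with a private key found.'; return }

# Step 10: the password that protects the exported key, entered twice
$pw1 = Read-Host -AsSecureString 'Password to protect the exported key'
$pw2 = Read-Host -AsSecureString 'Confirm password'
if ((ConvertFrom-Secure $pw1) -ne (ConvertFrom-Secure $pw2)) { throw 'Passwords do not match.' }

foreach ($cert in $certs) {
    # One file per certificate; suffix the thumbprint if several match
    $path = if ($certs.Count -gt 1) { $OutFile -replace '\.pfx$', "-$($cert.Thumbprint).pfx" } else { $OutFile }
    try {
        # Steps 8-9: Personal Information Exchange (PFX) including the private key
        $bytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $pw1)
    } catch [Security.Cryptography.CryptographicException] {
        Write-Warning "Private key of $($cert.Thumbprint) is marked non-exportable; skipped."
        continue
    }
    [IO.File]::WriteAllBytes($path, $bytes)
    # Check: the PFX must load with the same thumbprint and carry the private key
    $check = New-Object Security.Cryptography.X509Certificates.X509Certificate2($path, $pw1)
    if ($check.Thumbprint -ne $cert.Thumbprint -or -not $check.HasPrivateKey) {
        throw "Backup at $path did not verify; the store copy was left in place."
    }
    Write-Host "Exported and verified $($cert.Thumbprint) -> $path"
    if ($RemoveFromStore) {   # store entry only; re-import the PFX to restore it later
        $store = New-Object Security.Cryptography.X509Certificates.X509Store('My', 'CurrentUser')
        $store.Open('ReadWrite'); $store.Remove($cert); $store.Close()
    }
}
```

Run it without -RemoveFromStore first and keep the PFX on the removable medium together with the password stored separately; the verification step is what makes the later removal safe.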