Add recovery agents for EFS
Windows' Encrypting File System (EFS) provides on-the-fly encryption and decryption of files on an NTFS volume, and it can help protect sensitive data on vulnerable systems such as notebooks.
EFS uses the user's encryption certificate to encrypt and decrypt the data. The encryption/decryption process is transparent to the user because EFS uses the user's existing certificate for the encryption.
If the user's certificate is lost or corrupted, designated encrypted data recovery agents can use their certificates to decrypt the data. By default, the local Administrator account works as a recovery agent.
In some cases, however, it can be useful to specify other recovery agents. You can do so for domain members through group policy, and you can use local policy for stand-alone workstations.
To add recovery agents via local policy, follow these steps:
This process is similar for domain members, but you must edit the group policy object at the domain or OU level.
It's a good idea to place all of the recovery agents' .cer files in a safe location in case you need them again. Choose a location that's both physically secure and safe from drive or other hardware failures.
Back up the registry with the Backup utility
Some Windows administrators don't think very highly of the Backup utility included with Windows 2000 Server and prefer to use third-party solutions for their backup needs. However, while Windows Backup doesn't have all the bells and whistles that other backup solutions offer, it does offer one feature that makes it easy to back up the registry.
The Windows registry comprises several files, the majority of which reside in the \%systemroot%\System32\Config folder. Windows 2000 Server also maintains a backup copy of the registry hive files in the folder \%systemroot%\Repair.
Windows doesn't back up the registry here automatically. It places a copy in the repair folder at Setup, but it doesn't update these files on its own.
However, you can use Windows Backup to quickly back up the registry. Follow these steps:
This backs up the registry files to the Repair folder. If your server experiences a corrupted registry or you need to revert to the previous configuration, boot the server with the Recovery Console, copy the registry files from the Repair folder to the Config folder, and reboot.