What Is Data Recovery Agent?

Data Recovery Agent is a user account that has been granted permissions to access all encrypted files even if the files have been encrypted using encryption key of another user account of the computer. Administrators must create and configure Data Recovery Agents before allowing users to encrypt their files. This serves as a proactive step taken by the administrators as once user account that has encrypted the file has been deleted from the computer, in the absence of DRA the files cannot be recovered whatsoever. On the other hand, if a file is encrypted using encryption key, only the user who has encrypted the file can access it. If a user is deleted without decrypting the file, encrypted file and the data that it contains are lost forever. Why Configuring Data Recovery Agent Is Important? Data Recovery Agent is an important entity for both home and production environments. Even in peer-to-peer network setups and domain-based infrastructure, DRAs play an important role as they prove to be file saviors in case user accounts have been deleted either accidentally or on purpose and there is no way left to access the encrypted files. In such critical conditions Data Recovery Agents can access the files and can make them readable and accessible to others if required. In normal setups administrator account is mostly configured as Data Recovery Agent and before the account can be configured as a DRA, appropriate certificates must be generated so that they can be imported to the appropriate locations. Administrators can generate Data Recovery Agent certificates by typing the following command in the elevated command prompt: CIPHER /R:<filename> Example: CIPHER /R:DRA-CERT Once the command has been typed and enter key has been pressed the interface asks users to specify and conform a unique password which must be provided while installing the certificates. Once the passwords have been provided, certificate file with .CER file extension is generated and saved at the location from where the elevated command prompt was initialized. How to Configure and Assign Data Recovery Agent in Windows 8? After Data Recovery Agent certificates for the administrator account have been successfully generated, administrators must follow the steps below to make them DRAs: 1. 2. 3. 4. 5. 6. 7. 8. 9. Log on to Windows 8 computer with administrator account. Assuming that the operating system has been configured to display classic start menu, click Startand at the bottom of the menu in search box type GPEDIT.MSC command and press enter key. If User Account Control confirmation box appears, click Yes to allow Windows to use access token that has administrative privileges to open Local Group Policy Editor snap-in. On the opened snap-in from the left pane expand Computer Configuration > Windows Settings > Security Settings > Public Key Policies and from the available options right click Encrypting File System. From the context menu click to select Add Data Recovery Agent. On Welcome to the Add Recovery Agent Wizard window click Next. On Select Recovery Agents window click Browse to locate the generated DRA certificates and on the confirmation box click Yes button to add them to the window. Back on Select Recovery Agents window click Next. On Completing the Add Recovery Agent Wizard window click Finish.

10. Once done, restart the computer to allow the changes to take effect.

Right click on both cer and pfx certificate and install them,use default option recommended. Cipher /u to update new certificate if problem arises.