Backing Up and Restoring Encrypted Data and Certificates


You can back up and restore encrypted data like any other data. The key thing to remember is that you must use backup software that understands EFS, such as the built-in Backup and Restore tools. There are lots of possible ways to go wrong, however.

The backup or restore process does not necessarily back up or restore the certificate needed to work with the encrypted data. That certificate is stored in the user's profile data. If the user's account exists and the profile still contains the necessary certificate, the user can still work with the encrypted data.

If the user's account exists and you previously backed up the user's profile and then restored the profile to recover a deleted certificate, the user can likewise still work with the encrypted data. Otherwise, however, there's no way to work with the data, and you'll need to have a designated recovery agent access the files and then remove the encryption.

Being able to back up and restore certificates is an important part of any disaster recovery planning. The next sections examine the techniques you can use to perform these tasks.

Backing Up Encryption Certificates

You use the Certificates snap-in to back up and restore personal certificates. Personal certificates are saved with the Personal Information Exchange (.pfx) format.

The steps you follow to back up personal certificates are as follows:

  1. Log on as the user to the computer where the personal certificate you want to work with is stored. Open the Run dialog box by clicking Start and then clicking Run.

  2. Type mmc in the Open field and then click OK. This opens the Microsoft Management Console (MMC).

  3. In the Microsoft Management Console, click Console, then click Add/Remove Snap-In. This opens the Add/Remove Snap-In dialog box.

  4. In the Standalone tab, click Add. In the Add Snap-In dialog box, click Certificates, and then click Add. This displays the Certificates Snap-in dialog box.

  5. Select My User Account and then click Finish.

  6. Click Close and then click OK.

  7. Expand Certificates - Current User, Personal and then select Certificates. Right-click the certificate you want to save, choose All Tasks, and then select Export. This starts the Certificate Export Wizard.

  8. Click Next and then select Yes, Export The Private Key. Click Next.

  9. Click Next, accepting the default values, and then type a password for the certificate.

  10. Specify a file location for the certificate file. Be sure that this location is secure: the file contains the private key, and you don't want to compromise system security. The file is saved with the .pfx extension.

  11. Click Next and then click Finish. If the export process is successful, you'll see a dialog box confirming this. Click OK.
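
The export steps above can also be scripted. The following PowerShell is an added example, not part of the original text: it assumes Windows 8.1 / Server 2012 R2 or later (the PKI module cmdlets do not exist on Windows Server 2003), and the backup path and file naming are hypothetical. It exports every EFS certificate in the user's Personal store together with its private key, then reopens each .pfx to confirm the backup can be read with the password.

```powershell
# Added example: scripted equivalent of the Certificate Export Wizard steps.
# Assumes Windows 8.1 / Server 2012 R2 or later (PKI module).
# Run while logged on as the user who owns the EFS certificate.
param(
    # Hypothetical location; point it at removable or otherwise protected media.
    [string]$BackupDir = 'E:\efs-backup'
)

$ErrorActionPreference = 'Stop'
$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

# Same store the snap-in shows under Certificates - Current User, Personal.
# Only certificates that carry a private key and the EFS usage are of interest.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
}
if (-not $efsCerts) {
    throw 'No EFS certificate with a private key found in the Personal store.'
}

# The password protects the private key inside the .pfx file.
$password = Read-Host -AsSecureString -Prompt 'Password to protect the .pfx files'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($cert in $efsCerts) {
    $pfx = Join-Path $BackupDir ('efs-{0}.pfx' -f $cert.Thumbprint)

    # Stops with an error if the private key is marked non-exportable,
    # so a file written here always includes the key.
    Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $password | Out-Null

    # Reopen the file without importing it: proves the password works and
    # that the backup holds the certificate that was just exported.
    $stored = (Get-PfxData -FilePath $pfx -Password $password).EndEntityCertificates
    if ($stored.Thumbprint -notcontains $cert.Thumbprint) {
        throw "Verification failed for $pfx"
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        Expires    = $cert.NotAfter
        BackupFile = $pfx
    }
}
```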

Restoring Encryption Certificates

When you have a backup of a certificate, you can restore the certificate to any computer on the network, not just the original computer. The backup and restore process is, in fact, how you move certificates from one computer to another.

The steps you follow to restore a personal certificate are as follows:

  1. Copy the Personal Information Exchange (.pfx) file onto a floppy disk and then log on as the user to the computer where you want to use the personal certificate.

    Note

    Log on to the target computer as the user whose certificate you're restoring. If you don't do this, the user won't be able to work with his or her encrypted data.


  2. Access the Certificates snap-in for My User Account as described previously.

  3. Expand Certificates - Current User and then right-click Personal. Choose All Tasks and then select Import. This starts the Certificate Import Wizard.

  4. Click Next and then insert the floppy disk.

  5. Click Browse and then use the Open dialog box to locate the personal certificate on the floppy disk. Be sure to select Personal Information Exchange as the file type. Once you locate the file, select it and then click Open.

  6. Click Next. Type the password for the personal certificate and then click Next again.

  7. The certificate should be placed in the Personal store by default, so accept the default by clicking Next. Click Finish. If the import process is successful, you'll see a dialog box confirming this. Click OK.



Microsoft Windows Server 2003 Administrator's Pocket Consultant
ISBN: 735622450
EAN: N/A
Year: 2003
Pages: 141
