Monday, January 23, 2012

Windows 7: Backing up EFS certificates

Do you use the Encrypted File System (EFS) that's built into Windows 7 (which is included in Pro, Enterprise and Ultimate versions of the OS) to protect your data on your local hard drive?  If so you should make sure that you back up the EFS certificate so you can recover your encrypted data if the stored keys on your hard drive get accidentally corrupted or deleted.


To backup the EFS key, use the following procedure:

  • From the Start menu in the Search field, type CERTMGR.MSC, then press the ENTER key to open the Certificate Manager.
  • Expand the Personal node, and click Certificates.
  • Scroll down to find the certificate that shows "Encrypting File System" in the Intended Purposes column, and click it.
  • Click Actions > All Tasks > Export...
  • On the first page of the Export Wizard, press the Next button.
  • Click Yes, export the private key and press the Next button.
  • Click Personal Information Exchange and press the Next button.
  • Create a password to encrypt the private key file, then press the Next button.
  • Enter a file name and location (or press the Browse button to navigate the local drives) to store the certificate.
  • Press the Finish button.

Notes: In the Certificate Manager if there is more than one EFS certificate make sure to back them all up on some type of removable media (such as a USB key or external hard drive). Then store that device in a safe physical location.

No comments: