Ravindra Kulkarni
- Open an empty MMC console using START | RUN | MMC.
- From the console menu, select CONSOLE | ADD/REMOVE SNAP-IN. The Add/Remove Snap-in window opens.
- Click Add. The Add Standalone Snap-in window opens.
- Double-click Certificates to load the snap-in. If you are logged on with an account that does not have administrator privileges, the only option is to load the your own personal certificates. Otherwise, you get additional choices of computer and service certificates.
- With the snap-in loaded, save the console with a descriptive name, such as Cert.msc. You may want to save it in \WINNT\System32 along with the rest of the console files so that another administrator can use it. The console does not point at your specific certificate. It loads the certificates of the user who launches the console.
- Expand the tree to Certificates—Current User | Personal | Certificates. Certificates issued to you are listed in the right pane. The Intended Purposes column lists the certificate’s function. If you have ever encrypted a file, you will have at least one EFS certificate. The domain Administrator account will have two certificates, one for EFS and one for File Recovery (FR).
- Double-click a certificate to view the contents.
You can use the Certificates snap-in to obtain new certificates. This is not generally necessary for EFS certificates because the EFS service obtains the certificate automatically when you encrypt a file. If you want to designate more Data Recovery Agents, though, you’ll need to obtain File Recovery (FR) certificates for them. You can request them using the Certificates snap-in.
EFS only issues one self-signed FR certificate. In a domain, it is issued to the domain Administrator account. For a local machine, it is issued to the first user who logs on to the machine following Setup. You’ll need a Certification Authority (CA) to issue any further FR certificates.
IgNiTeD SoUL 