
What do I need to back up to prevent loss of user key data?

Hello, Ms. Bragg. With interest, I read a SearchWin2000.com e-mail newsletter (Sept. 17) about FEKs and about how users' key data need to be backed up. I also followed a link to a related article about administrators having keys, etc.

But what is still unclear to me is how I prevent encrypted data loss, specifically. What file or file piece do I need to back up? And for that matter, how do I correctly (usably) restore so that data is recoverable?

Does the BACKUP ERD utility back up such keys/profiles? Prior to reading your Q&A article, I had assumed that as long as my files were backed up, I could be confident of rebuilding my PC, new HD and all, and restoring my data if my disk crashed. You obviously are saying I, and a great number of other people, are mistaken.

User profiles are managed under admin tools, but what do I need to do to back up my client's keys?

Thank you very much. Also, why aren't such warnings and procedures broadcast in flashing red 72-point type along with every mention of "back up your data in case your computer crashes"?

The keys must be archived! Simply backing up the profile is not a solution. While a full backup, which includes system data, would allow you to restore the operating system, and thus the keys, it is far less of a problem to simply be able to import an archive of the keys.

Instructions for archiving keys are available from the help system in Windows 2000 Professional, on Microsoft's Web site, as well as in the presentation slides from my recent webcast.

In brief, you need to "export" your keys. You do this from the certificates snap-in (Start > Run > mmc > Add/Remove Snap-in > Add > Certificates > Close > OK), then navigate to Personal > Certificates and then right-click your EFS certificate in the detail pane and select "export." Don't forget to make sure you export the private key, and use a password to protect the file. Export to a floppy disk and store in a safe place. Record and store the password separately; you'll need it to "import" these keys should you need them.

And, yeah, I think there should be 72-point type or larger warning folks about this. The documentation does mention it, but most people don't read it or don't realize its importance.

This was last published in October 2002
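The export steps from the answer above, scripted as an added example (not part of the original Q&A or the author's material). It assumes a later Windows release with PowerShell and the PKI module (`Export-PfxCertificate`, `Get-PfxData`), which Windows 2000 did not have; the function name `Export-EfsKeyArchive` and the destination folder are hypothetical.

```powershell
# Added example. Assumes Windows 8.1 / Server 2012 R2 or later (PKI module).
# Export-EfsKeyArchive and the destination folder are hypothetical names.
function Export-EfsKeyArchive {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Destination,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $efsOid  = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    if (-not (Test-Path -LiteralPath $Destination -PathType Container)) {
        throw "Destination folder not found: $Destination"
    }
    # Personal > Certificates of the current user, filtered to EFS certificates.
    $efsCerts = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object { $_ -is $ekuType }
        $eku -and ($eku.EnhancedKeyUsages.Value -contains $efsOid)
    })
    if ($efsCerts.Count -eq 0) { Write-Warning 'No EFS certificate found.'; return }

    foreach ($cert in $efsCerts) {
        # A certificate without its private key cannot decrypt anything.
        if (-not $cert.HasPrivateKey) {
            Write-Warning "Skipping $($cert.Thumbprint): no private key in this profile."
            continue
        }
        $file = Join-Path $Destination "efs-$($cert.Thumbprint).pfx"
        try {
            # Writes certificate and private key, protected by the password.
            Export-PfxCertificate -Cert $cert -FilePath $file -Password $Password -ErrorAction Stop | Out-Null
        } catch {
            Write-Warning "Export failed for $($cert.Thumbprint): $($_.Exception.Message)"
            continue
        }
        # Read the archive back with the same password before trusting it.
        $pfx = Get-PfxData -FilePath $file -Password $Password
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            File       = $file
            Verified   = $pfx.EndEntityCertificates.Thumbprint -contains $cert.Thumbprint
        }
    }
}
# Usage: Export-EfsKeyArchive -Destination 'E:\' -Password (Read-Host 'PFX password' -AsSecureString)
```

A `Verified` value of `False`, or a warning about a missing or non-exportable private key, means that certificate has no usable archive yet.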
