On a Windows Server 2003-based computer, you use the Encrypting File System (EFS) to back up some files that are encrypted. After you restore the files to another computer, the recovery agents that should be associated with the files are missing. Therefore, you cannot use the expected recovery agent private keys to recover the files.
↑ Back to the top
This issue occurs because of the APIs that are called to back up and to restore files. These APIs cause the system to update files by using the recovery agents that are defined in the security policy of the local computer. If the user account that performs the restore operation has access to a private recovery agent key, the file update is successful. Otherwise, recovery agent changes do not occur.
↑ Back to the top
To work around this issue, use one of the following methods:
- Restore the files by using an account that does not have the recovery agent private keys.
- Configure the security policy of the destination computer to specify the recovery agent of the files that you want to recover.
- Use another transport method to relocate the files to the destination computer. For example, use a portable hard disk to transport the files.
↑ Back to the top