1. Open Windows Explorer.
2. Right-click the file or folder you want to restore, and then click Properties.
3. On the General tab, click Advanced.
4. Clear the Encrypt contents to secure data check box.
5. Make a backup of the decrypted file or folder and give it to the user.
Note: You can return the backup copy to the user as an email attachment, on removable disk, or over the network.
Another way to recover data is to transfer the recovery agent's private key and certificate to the computer that holds the encrypted files, import them there, decrypt the file or folder, and then delete the imported private key and certificate. Compared with the first method, this exposes the private key far more, but it avoids the backup, recovery and file transfer steps.
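The second method above (import the recovery agent's key, decrypt, then remove the key) scripted as an added PowerShell example; it is not part of the original article. It assumes a PFX export of the recovery agent's certificate and private key, that the script runs as the account into whose store the PFX is imported, and that this account has write access to the file; the parameter names are the example's own.

```powershell
# Added example: recover one EFS-encrypted file with the DRA key, then remove the key.
# Assumptions: $PfxPath is the recovery agent's exported certificate + private key,
# the script runs as the account that will hold the imported key, and that account
# can write the target file. Parameter names are this example's own.
param(
    [Parameter(Mandatory)] [string] $PfxPath,    # recovery agent certificate + key (PFX)
    [Parameter(Mandatory)] [string] $Path,       # encrypted file to restore
    [Parameter(Mandatory)] [string] $BackupDir   # where the decrypted copy is written
)
$ErrorActionPreference = 'Stop'

# 1. Import the DRA private key into the current user's store. Import-PfxCertificate
#    marks the key non-exportable unless -Exportable is given, so the imported copy
#    cannot be pulled back out of this machine.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $PfxPath `
            -CertStoreLocation Cert:\CurrentUser\My -Password $pfxPassword
try {
    # 2. Only proceed if the file really carries the EFS Encrypted attribute.
    $item = Get-Item -LiteralPath $Path
    if (-not ($item.Attributes -band [IO.FileAttributes]::Encrypted)) {
        throw "$Path is not EFS-encrypted"
    }

    # 3. Decrypt in place. This is what clearing "Encrypt contents to secure data"
    #    does; it succeeds only if a key in this profile (here the DRA key) can
    #    unwrap the file's encryption key.
    [IO.File]::Decrypt($Path)
    if ((Get-Item -LiteralPath $Path).Attributes -band [IO.FileAttributes]::Encrypted) {
        throw "Decrypting $Path did not clear the Encrypted attribute"
    }

    # 4. Write the plaintext backup copy that is handed to the user.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    Copy-Item -LiteralPath $Path -Destination $BackupDir
    Write-Host "Restored $Path; backup copy in $BackupDir"
}
finally {
    # 5. Always remove the imported DRA certificate and its private key,
    #    even if decryption failed, so the key does not linger on this computer.
    Remove-Item -LiteralPath "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
}
```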
Best practices
The following best practices can help companies effectively use and manage encrypted files and folders.
Recovery agents should back up their file recovery certificate to a safe place.
In the Certificates snap-in of the Microsoft Management Console (MMC), use the Export command to export the file recovery certificate and private key to a floppy disk, and store the disk in a safe place. Later, if the file recovery certificate or private key on the computer is damaged or deleted, use the Import command in the Certificates snap-in to replace it with the backup certificate and private key from the floppy disk.
Use the default domain configuration.
By default, the domain administrator is the data recovery agent in a Windows 2000 or Windows Server 2003 domain. When the domain administrator logs on with this account for the first time, a self-signed certificate is generated and its private key is saved in that user's profile on the computer. The default domain Group Policy contains the public key of this certificate as the default data recovery agent for the domain.
Replace a lost or expired DRA private key immediately.
Although the expiry of a DRA certificate is only a minor event, loss or corruption of the DRA private key can cause serious losses for an enterprise.
An expired DRA certificate (and its private key) can still decrypt previously encrypted files, but it cannot be used for newly created or updated encrypted files. If the DRA private key is lost or the DRA certificate expires, the best practice is to generate one or more new DRA certificates immediately and update Group Policy accordingly. When users encrypt new files or update existing encrypted files, those files are automatically updated with the new DRA public key. Remind users to adopt the new DRA and update all existing encrypted files.
In Windows XP, the command-line tool cipher.exe with the /U switch updates the user's encryption key and the recovery agent key on all encrypted files on local drives. The following example shows cipher.exe /U updating two encrypted files on a local drive:
cipher.exe /U
C:\Temp\test.txt: Encryption has been updated.
C:\My Documents\wordpad.doc: Encryption has been updated.
Note: When the default self-signed certificate is used in a domain that has no certificate authority, the certificate is valid for 99 years.
The following best practices can help companies protect mobile users' data from being stolen or lost:
Physical protection of the computer matters most. Take every necessary precaution to ensure the computer is not stolen or physically damaged; no technical measure can substitute for these precautions.
When using a mobile computer, always log on to the Active Directory domain.
Store the user's private key separately from the mobile computer and import it only when needed.
Encrypt standard folders such as My Documents and the Temp folder so that all new and temporary files are encrypted.
Create sensitive data files inside an encrypted folder rather than creating them as plaintext and then copying them into the encrypted folder. Following this principle ensures that no plaintext copy is ever stored on the computer and that temporary files cannot be recovered with sophisticated disk analysis tools.
Use a combination of Group Policy, logon scripts and security templates to enforce folder encryption, ensuring that standard folders such as My Documents are marked as encrypted folders.
Windows XP supports encryption of offline files. When the client-side caching policy is applied, offline files and folders stored in the local cache should be encrypted.
On mobile computers, enable mode 2 or mode 3 of the SYSKEY system key tool (startup floppy disk or startup password) to prevent a malicious user from starting the system. The system key tool is described in Windows online Help.
Enable SMB signing in the Group Policy of any server that is a trusted-for-delegation object storing encrypted files. The setting is found in Group Policy at: Group Policy Object Name, Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options, Microsoft network server: Digitally sign communications (always).
After encrypting files, make sure the unencrypted data is wiped from the hard drive. Do this regularly.
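An added PowerShell example, not part of the original article, that audits a workstation against two of the practices above (standard folders marked as encrypted, and SMB signing required on the server) and can remediate the folder setting with cipher.exe. It assumes PowerShell 5 or later on a Windows host; the folder list and the -Remediate switch are the example's own choices.

```powershell
# Added example: check that My Documents and the Temp folder carry the EFS Encrypted
# attribute and that the server-side SMB signing policy is enforced. With -Remediate,
# folders that are not encrypted are marked with cipher.exe /E. Folder list and the
# switch name are this example's own choices (assumption).
param([switch] $Remediate)

$folders = @(
    [Environment]::GetFolderPath('MyDocuments'),
    [IO.Path]::GetTempPath().TrimEnd('\')
)

function Test-EfsFolder([string] $Folder) {
    # A folder with the Encrypted attribute encrypts every file created inside it.
    [bool]((Get-Item -LiteralPath $Folder -Force).Attributes -band [IO.FileAttributes]::Encrypted)
}

$results = foreach ($folder in $folders) {
    $encrypted = Test-EfsFolder $folder
    if (-not $encrypted -and $Remediate) {
        # cipher /E marks the folder; /S: also processes existing files in subfolders.
        & cipher.exe /E "/S:$folder" | Out-Null
        $encrypted = Test-EfsFolder $folder
    }
    [pscustomobject]@{ Check = "EFS folder: $folder"; Compliant = $encrypted }
}

# "Microsoft network server: Digitally sign communications (always)" is stored here;
# 1 means signing is required for every client that talks to this server.
$smb = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
           -Name RequireSecuritySignature -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check     = 'SMB server signing required'
    Compliant = ($smb.RequireSecuritySignature -eq 1)
}

$results | Format-Table -AutoSize
# Non-zero exit lets a logon script or scheduler flag the non-compliant machine.
if ($results | Where-Object { -not $_.Compliant }) { exit 1 }
```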
References:
/China/TechNet/security/sgk/protect_data_EFS.mspx