How to backup and restore Windows NTFS EFS certificates

Starting with Windows XP, the Encrypting File System (EFS) allowed for transparent, in-place encryption of files on your computer using automatically-generated certificates tied to your user profile. This would prevent access to encrypted files in case the data on the hard drive became compromised. However, if the user profile became corrupted or you were unable to log in normally, the encrypted files would become inaccessible.

You can prevent this from happening by backing up your certificates while the system is in a working state, so that you are able them to restore them later if the need arises.

In Windows XP, you can backup the certificate by doing the following:

  1. Log into the computer
  2. Click Start > Run and type mmc, then press enter.
  3. From the menu, choose File > Add/Remove Snap-in.
  4. Click Add, select Certificates, click Add, select My user account.
  5. Click Finish, click Close, click OK.
  6. Browse to Certificates – Current userPersonalCertificates.
  7. Right-click the certificate that you want to export.
  8. Click All Tasks then click Export.
  9. Follow the steps in the Certificate Export Wizard. Make sure to select that you want to export the private key along with the certificate.

In Windows XP, you can import the certificate by doing the following:

  1. Log into the computer
  2. Click Start > Run and type mmc, then press enter.
  3. From the menu, choose File > Add/Remove Snap-in.
  4. Click Add, select Certificates, click Add, select My user account.
  5. Click Finish, click Close, click OK.
  6. Browse to Certificates – Current userPersonal.
  7. Right-click Personal.
  8. Click All Tasks, click Import.
  9. Follow the steps in the Certificate Import Wizard. When browsing for the certificate, you should select Personal Information Exchange (*.pfx; *.p12) from the Files of type dropdown list box. You will need to enter the password you supplied when you exported the certificate from the destination computer.

In Windows Vista and Windows 7, you can manage your EFS certificates by going to Control Panel > User Accounts > Manage your file encryption certificates. From here, you can backup and restore your EFS certificates.

Do you have a method of backing up or restoring the EFS certificates not mentioned above, or have other feedback related to Windows EFS? Please feel free to share it in the comments below. Thank you!

, ,