Click Start, click Run, type mmc /a, and then click OK. On the Console menu, click Add/Remove Snap-in, and then click Add. Under Snap-in, click Group Policy, and then click Add. In Group Policy Object, click Local Computer, click Finish, click Close, and then click OK. In Local Computer policy, click Public Key Policies. In the details pane, right-click Encrypted Data Recovery Agents.
Click Add, and then follow the instructions in the Add Recovery Agent wizard. Be prepared to provide the wizard with the user name for a user with a published recovery certificate.
Alternatively, you can use the wizard to browse for .cer files that contain information about the recovery agent you are adding.
You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.
Adding a recovery agent from a file identifies the user as USER_UNKNOWN. Before you can add or create a recovery agent, the Group Policy snap-in and its Public Key Policies extension must be installed on your computer.