Chapter 18. Archiving Encryption Keys

You can archive the private keys for encryption certificates at a Windows Server 2003 or Windows Server 2008 enterprise certification authority (CA) so that a user’s private key can be recovered if it is lost or corrupted. This functionality is available at an enterprise CA running on the Enterprise or Datacenter edition of Windows Server 2003 or Windows Server 2008.

An organization should specify key archival and recovery in its security policy. If an organization does not specify that it allows key archival and recovery, it is almost impossible for the organization to implement key archival and recovery, because there are no guidelines for the implementation. If the security policy allows key ...
