By default, if a computer that is running Windows XP or Windows 2000 is a member of a Windows Server 2003 domain or a Windows 2000 domain, the built-in Administrator account on the first domain controller in the domain is designated as the default recovery agent. Note that a computer that is running Windows XP and that is a member of a workgroup does not have a default recovery agent. You have to manually create a local recovery agent.
Microsoft wrote: The default design for the EFS recovery policy is different in Windows XP Professional than it was in Windows 2000 Professional. In Windows XP Professional, stand-alone computers do not have a default DRA, but Microsoft strongly recommends that all environments have at least one designated DRA.
Designating a Data Recovery Agent in a Stand-Alone Environment For stand-alone computers, Windows XP Professional does not create a default recovery agent. A DRA can be added by using Group Policy on the local computer, but the intended DRA must first have a recovery certificate. Because the computer is stand-alone, EFS creates a self-signed certificate for the DRA.
