If the EFS recovery policy is NOT inherited from a site, domain, or organizational unit policy, the local policy is in effect.
The first time an administrator logs on, a default Local Recovery policy is automatically created. If the first administrator to log on is NOT the local administrator, then this administrator is the default recovery agent.
Here are two examples:
1. During the setup of a server, if you join a domain, the first Domain Administrators account found to be logged on becomes the local recovery agent.
2. When you restart immediately after setup, the Network Identification Wizard prompts you to select an automatic logon account or a user name and password. when a username is entered, that account is placed in the Local Administrators group and logged onto the computer. Since this is the first administrator logon, this username become the recovery agent.