Re: Encrypted Data Recovery Agents

Posted by:  Bob A
Date: Fri, 25 Aug 2006

Thanks Steve,

I was able to request and install a new RA from the CA, but I still can't
encrypt a file. Same error about no recovery agent. Do I need to delete the
expired certificate?


- Bob

"Steven L Umbach" wrote:

> Do you have a Certificate Authority on your network? If you do, you can
> request a new one from it while logged on as a domain level administrator.
> Otherwise, you can use an XP Pro computer and use cipher to create a RA. Then
> you can import the .cer file created into the Group Policy where you have
> the EFS RA configured. The .cer file is not sensitive, but the .pfx file is,
> as it contains the private key used for decryption, and you need to provide a
> password for it. You want to keep the RA .pfx file on a secure computer or
> copy it to external media and keep it in a couple of safe places. Even if you
> leave it on a secure computer, keep a couple of copies in safe places and do
> NOT forget the password. The article below explains what you need to know
> for XP Pro, but in your case you want to import the RA certificate into the
> domain level Group Policy that is configured to use it, which may be Domain
> Security Policy.
> Steve
> "Bob A" <Bo…> wrote in message
> news:C849B1DF-F4AD-4538-B6CE-5FBE350CFD…
> > Good Day. I have a Win2K AD domain controller with an expired Administrator
> > certificate under the Domain Security Policy Encrypted Data Recovery Agents.
> > I want to encrypt some files, but can't with an expired recovery agent
> > certificate. How do I renew this certificate? Is there a "How to:" article
> > with the step-by-step procedures? Google search and TechNet search didn't
> > yield much.
> >
> > Thanks in advance,
> >
> > - Bob


posted by Steven L Umbach on Fri, 25 Aug 2006
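
A way to audit the recovery agent certificates discussed in this thread, added here as an example that is not part of the original posts. It assumes PowerShell on an administrative workstation and that the certificates listed under Encrypted Data Recovery Agents have been exported as .cer files to a folder; the folder path and the function name `Test-RecoveryCert` are hypothetical.

```powershell
# Added example: audit exported EFS recovery agent (RA) certificates.
# Assumption: C:\RA-Export is a hypothetical folder holding the .cer files
# exported from the policy's Encrypted Data Recovery Agents node.
param([string]$CertFolder = 'C:\RA-Export')

# Enhanced Key Usage OID for "File Recovery" (EFS recovery agent).
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'

function Test-RecoveryCert {
    param([string]$Path, [datetime]$Now = (Get-Date))

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path

    # Collect the EKU OIDs from the Enhanced Key Usage extension, if present.
    $ekus = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekus += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }

    # Classify the validity window against the current time.
    if ($Now -lt $cert.NotBefore) { $status = 'NotYetValid' }
    elseif ($Now -gt $cert.NotAfter) { $status = 'Expired' }
    else { $status = 'Valid' }

    [pscustomobject]@{
        File         = Split-Path $Path -Leaf
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
        Status       = $status
        FileRecovery = ($ekus -contains $FileRecoveryOid)
    }
}

# Report every exported RA certificate, expired ones first.
Get-ChildItem -Path $CertFolder -Filter *.cer |
    ForEach-Object { Test-RecoveryCert -Path $_.FullName } |
    Sort-Object Status, NotAfter |
    Format-Table -AutoSize

# The .pfx holds the RA private key; flag any copy left beside the .cer files.
Get-ChildItem -Path $CertFolder -Filter *.pfx |
    ForEach-Object { Write-Warning "Private key file in export folder: $($_.FullName)" }
```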