Subject: Re: Encrypted Data Recovery Agents
Posted by: Bob A (Bo…@discussions.microsoft.com)
Date: Fri, 25 Aug 2006
I was able to request and install a new RA from the CA, but I still can't
encrypt a file. Same error about no recovery agent. Do I need to delete the
"Steven L Umbach" wrote:
> Do you have a Certificate Authority on your network? If you do, you can
> request a new one from it while logged on as a domain level administrator.
> Otherwise you can use an XP Pro computer and use cipher to create a RA. Then
> you can import the .cer file created into the Group Policy where you have
> the EFS RA configured. The .cer file is not sensitive but the .pfx file is
> as it contains the private key used for decryption and you need to provide a
> password for it. You want to keep the RA .pfx file on a secure computer or
> copy it to external media and keep it in a couple of safe places. Even if you
> leave it on a secure computer, keep a couple of copies in safe places and do
> NOT forget the password. The article below explains what you need to know
> for XP Pro but in your case you want to import the RA certificate into the
> domain level Group Policy that is configured to use it which may be Domain
> Security Policy.
> "Bob A" <Bo…@discussions.microsoft.com> wrote in message
> > Good Day. I have a Win2K AD domain controller with an expired Administrator
> > certificate under the Domain Security Policy Encrypted Data Recovery Agents.
> > I want to encrypt some files, but can't with an expired recovery agent
> > certificate. How do I renew this certificate? Is there a "How to:" article
> > with the step-by-step procedures? Google search and TechNet search didn't
> > yield much.
> > Thanks in advance,
> > - Bob