Re: EFS Recovery Agents

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: Rock <rock@xxxxxxxxxxxxxxx>
• Date: Tue, 03 May 2005 22:53:15 -0700

---

Stiltripin wrote:

Are there any KB articles that explain how to do that?

"S.Sengupta" wrote:

This happens if the Encrypting File System (EFS) recovery policy implemented on this computer contains one or more EFS recovery agent certificates that have expired. These certificates cannot be used.

Either renew the existing certificates or generate new certificates for the EFS recovery agents and reapply the recovery agent policy with those certificates.

regards,
ssg MS-MVP

Stiltripin wrote:

Running Windows XP SP2 in a active domain network. When domain users attempt to encrypt a local folder they receive the following error: "An error occured applying attributes to the file: C:\{local folder} Recovery policy configured for this system contains invalid recovery certificate".

When I go to the Domain Security Policy | Encrypted Data Recovery Agents it shows a certificate that expired 4/12/05. I'm unable to renew the certificate and can not create a new agent.

How do I resolve this issue?

How to add an EFS recovery agent in Windows XP Professional
http://support.microsoft.com/?id=887414

How To Encrypt a Folder in Windows XP
http://support.microsoft.com/?id=308989

How To Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993

How To Encrypt a File in Windows XP
http://support.microsoft.com/?id=307877

HOW TO: Share Access to an Encrypted File in Windows XP
http://support.microsoft.com/?id=308991

Best practices for the Encrypting File System
http://support.microsoft.com/?id=223316

How to back up the recovery agent Encrypting File System (EFS) private key in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/?id=241201

--
Rock
MS MVP  Windows - Shell/User

.

---

• References:
  • Re: EFS Recovery Agents
    • From: Stiltripin

• Prev by Date: Re: Viewing GIF on IE
• Next by Date: Re: PDF reading from XP
• Previous by thread: Re: EFS Recovery Agents
• Next by thread: Verizon DSL and DUN Error
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: NTFS Encryption, Old Master, Fresh Install ... If you did not export the certificate of the original userid used to encrypt ... recovery agent certificate, then for all practical purposes the files are ... > Windows to fix some crazy problem (that I later found out ... (microsoft.public.windowsxp.security_admin) Re: encryption ... after that i got windows croupt some other time ... > cipher command and put in trusted certificates folder, ... > now recovery agent is administrator, but nothing happend, ... > will not encrypt) please solve my problem, ... (microsoft.public.windowsxp.security_admin) Re: Help, Ive encrypted my files and I cant get up... ... to "Encrypt Data to Secure Contents" by right clicking on the desired file, ... See these links for more info on EFS in case you ever decide to use it again, ... How To Remove File Encryption in Windows XP ... How to add an EFS recovery agent in Windows XP Professional ... (microsoft.public.windowsxp.general) Re: EFS Certificate Needed ... The certificates I have were recently installed days after the files ... re-installed Windows after the encryption. ... that recovery agent will only have ... Best practices for the Encrypting File System ... (microsoft.public.security) Re: file encryption ... > if i encrypt a file with windows xp pro, how do i know if i have ... Well, I guess you could export the certificates, copy the file to another PC ... (microsoft.public.windowsxp.security_admin)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > WinXP  > microsoft.public.windowsxp.general  > 2005-05