Recovery agent for EFS, how can i get it done PLEASE HELP

Guys i need your help, i have a windows 2003 server entrprise (upgraded from
Windows 2000 advanced server sometime ago) i noticed that an employee
encrypted some files and that wasnt allowed ( i didnt moved the allow
encrypting files from the GP :( ) anyway i logged with the administrator
which suppose to be able to recover the encypted files but its didnt do it,
anyway i decrypt the files using the user account, but now i wanna add a
reliable recovery agent, everytime i choose an account to be a recover agent
(an account from domain administrators) i get this error "Add Recovery Agent
---------------------------
The selected user has no certificates suitable for Encrypted File System
Recovery and cannot be added as a recovery agent.
Select another user.
---------------------------
OK
---------------------------"
i tried to install CA and then i tried to request certificate but i get this
error "---------------------------
Certificate Request Wizard
---------------------------
The certificate cannot be installed because of one or more of the following
conditions:
- There is a problem with your cryptographic hardware.
- The cryptographic service provider (CSP) that created the request is
malfunctioning.
The error was: Keyset does not exist
---------------------------
OK
---------------------------"

even if i see in the CA that the certificate has been issued and there is no
faild certificates, i tried to skip this thing too and export the user
certificate and then use it as recovery agent instead of choosing user name
its success but the user who suppose to be recovery agent couldnt recover
files too, i think he could recover folders only or at least thats whats
happend with me

When i tried to choose create recovery agent i got this error:
"---------------------------
Public Key Policies
---------------------------
Windows cannot create a data recovery agent. Keyset does not exist
---------------------------
OK
---------------------------"
I know its complex and long post but please try to help me, thanks so much



.

Relevant Pages

  • Re: Data Recovery Agent
    ... > Well you need a recovery agent. ... > If you want it to be administrator logon as administrator. ... > administrator has a certificate that will enable him EFS function. ... > administrator (e.g. create an empty text file and encrypt it; ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Data Recovery Agent
    ... Well you need a recovery agent. ... If you want it to be administrator logon as administrator. ... If there is a certificate Issued to: Administrator you can export it by ... administrator (e.g. create an empty text file and encrypt it; ...
    (microsoft.public.windowsxp.security_admin)
  • Re: How to add a domain user as a Data Recovery Agent
    ... Policy settings or contacting a domain controller. ... Recovery Agent certificate and when you examined the certificate are the ...
    (microsoft.public.windows.server.security)
  • RE: Recovery agent for EFS, how can i get it done PLEASE HELP
    ... Login as Local Administrator ... E. Right click cert and export to floppy. ... > i get this error "Add Recovery Agent ... > i tried to install CA and then i tried to request certificate but i get this ...
    (microsoft.public.windows.server.active_directory)
  • Re: Data Recovery Agent
    ... "The file contains no certificates suitable for EFS Recovery. ... >> Also, my current user account is already an Administrator, so is it still ... >>> make your administrator a recovery agent or you can create a new user ... >>> administrator has a certificate that will enable him EFS function. ...
    (microsoft.public.windowsxp.security_admin)