Re: EFS Recovery Agent - Delete Certificate

From: Michel Lapointe (m_at_m.com)
Date: 04/29/03


Date: Tue, 29 Apr 2003 09:44:00 -0400


Makes sense...

Thanks

ML
"Steven L Umbach" <n9rou@attbi.com> wrote in message
news:PPkra.385740$OV.405369@rwcrnsc54...
> You can create a new certificate while you are at the domain group
> policy setting (since you have a CA), you might want to try that.
> Otherwise, after you create the new certificate in the mmc certificate
> for user, export the certificate (not private keys) and then add/import
> that certificate (.cer file) to the domain policy as recovery agent.
> -- Steve
>
>
> "Michel Lapointe" <a@a.com> wrote in message
> news:#gZc0qYDDHA.2892@TK2MSFTNGP11.phx.gbl...
> > Hello,
> >
> > I am currently trying to replace an EFSRA certificate for the
> > administrator by a new certificate from our CA. (I'm aware that doing
> > that will prevent recovery of all currently existing encrypted files).
> >
> > The problem I'm currently having is that if I go to Domain Policy, look
> > under EFS RA, I see the certificate for the Administrator. I delete it,
> > go to the certificate snap-in and create a new certificate for EFSRA for
> > administrator. (Both have different Friendly name and Valid End Date).
> > Go back to Domain Policy, re-add administrator (hoping that the new
> > certificate will pop up), and the old *supposed to be deleted*
> > certificate pops up. It should not be a replication issue, since they
> > are DCs on the same site and I waited more than 8 hours. (It was too
> > late anyway yesterday night to continue working on that).
> >
> > Does anyone have an idea why this old deleted certificate always comes
> > back and not the new one?
> >
> > Thanks
> >
> > ML
> >
> >
>
>
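
An added example, not part of the original thread or written by either poster: a PowerShell check that tells the old and new recovery-agent certificates apart by thumbprint and end date, and inspects the exported .cer file before it is added to the domain policy. The file name `new-efs-ra.cer` and the function name `Get-RecoveryAgentInfo` are hypothetical.

```powershell
# Added example. Reports the fields that distinguish one recovery-agent
# certificate from another: friendly name, end date, thumbprint, and whether
# the certificate carries the "File Recovery" EKU.
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # EKU OID: File Recovery

function Get-RecoveryAgentInfo {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Collect every EKU OID present on the certificate.
        $oids = @($Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        [pscustomobject]@{
            Subject       = $Certificate.Subject
            FriendlyName  = $Certificate.FriendlyName
            NotAfter      = $Certificate.NotAfter
            Thumbprint    = $Certificate.Thumbprint
            FileRecovery  = $oids -contains $FileRecoveryOid
            HasPrivateKey = $Certificate.HasPrivateKey
        }
    }
}

# 1. File Recovery certificates in the logged-on user's Personal store.
#    An old certificate that was never removed from this store is listed too.
Get-ChildItem Cert:\CurrentUser\My | Get-RecoveryAgentInfo |
    Where-Object { $_.FileRecovery } | Sort-Object NotAfter |
    Format-Table FriendlyName, NotAfter, Thumbprint, HasPrivateKey -AutoSize

# 2. Inspect the exported file before importing it into the policy.
$CerPath = '.\new-efs-ra.cer'   # hypothetical file name
if (Test-Path $CerPath) {
    $full = (Resolve-Path $CerPath).Path
    $exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
    $info = $exported | Get-RecoveryAgentInfo
    $info | Format-List
    if ($info.HasPrivateKey)           { Write-Warning 'File includes a private key; export the certificate only.' }
    if (-not $info.FileRecovery)       { Write-Warning 'Certificate lacks the File Recovery EKU.' }
    if ($info.NotAfter -lt (Get-Date)) { Write-Warning 'Certificate has expired.' }
}
```

Comparing the thumbprint printed in step 2 with the one shown for the recovery agent in the policy afterwards confirms which certificate was actually picked up.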


