Re: How to add EFS data recovery agents on Windows 2000 workgroup server

From: Steven L Umbach (sumbach_at_N0spam.ameritech.net)
Date: 04/22/04 

Date: Thu, 22 Apr 2004 13:31:26 -0500

I know you can replace the existing RA, bit I don't think you can add
another one without a Certificate Authority which is why you are having the
difficulty you are. W2K server has the capabilty to become a CA in
add/remove windows components. You might try adding another one as described
in how to replace an existing one in the KB link but I would be very careful
and use efsinfo to view the results. --- Steve

http://support.microsoft.com/?kbid=257705
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B243026 --- efsinfo.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- anyone
using EFS should read this.

"Klaus" <kdpdel@telus.net> wrote in message
news:93de0f5c.0404220913.afbefbb@posting.google.com...
> Looking for information to add a 2nd EFS recovery agent
> (non-administrator account) to a Windows 2000 standalone server.
>
> Having troubles creating a valid .cer file in Windows 2000, that is
> required when running the W2K recovery agent wizard via MMC Local
> group policy interface (local computer policy > windows settings >
> security settings > public key policies > encrypted data recovery
> agent).
>
> Is there an equivalant "cipher /r" (used in windows 2003) command that
> I can use in Windows 2000 to create a .cer file ?
>
> Using the MMC Certificate snapin (certificate - current user >
> personal > certificates)to export a certificate to a .cer file, while
> logged into server with account to be used for 2nd recovery agent
> user, did not produce a .cer file that was accepted.

Relevant Pages

  • Re: File ENcryption Problem Detail
    ... Not that it's good policy to use your DCs for file ... If you're logged on to the DC locally, can you encrypt any files? ... We do have Win2K server running EFS here. ... >>> There is nothing being modified in the recovery agent. ...
    (microsoft.public.win2000.security)
  • Re: File ENcryption Problem Detail
    ... A user wants to encrypt a file in a drive, the drive is mapped from a shared ... When user tries to encrypt the file, the server is ... There is nothing being modified in the recovery agent. ... PC - there is one local recovery agent is defined locally and one domain ...
    (microsoft.public.win2000.security)
  • Re: File ENcryption Problem Detail
    ... Will forward this to our testers for a repro. ... We do have Win2K server running EFS here. ... When user tries to encrypt the file, ... > There is nothing being modified in the recovery agent. ...
    (microsoft.public.win2000.security)
  • Re: File ENcryption Problem Detail
    ... Where is the shared folder? ... We do have Win2K server running EFS here. ... >> There is nothing being modified in the recovery agent. ... >> PC - there is one local recovery agent is defined locally and one domain ...
    (microsoft.public.win2000.security)
  • Re: How to add EFS data recovery agents on Windows 2000 workgroup server
    ... Server 2003 machine, then put it into your Win2k AD (being careful to put ... > and use efsinfo to view the results. ... >> Looking for information to add a 2nd EFS recovery agent ... >> required when running the W2K recovery agent wizard via MMC Local ...
    (microsoft.public.win2000.security)
Quantcast