Expired Recovery Agent EFS Cert
- From: Jeffrey <noemail@xxxxxxxxx>
- Date: Wed, 07 Dec 2005 11:04:17 -0500
I am on a Windows 2000 domain where the Administrator account is set as the Recovery Agent at the domain level policy. The certificate recently expired for that account and some XP machines can no longer encrypt files or folders. When doing so they receive this error:
"Recovery policy configured for this system contains invalid recovery certificate."
I have done some looking, but I am still a little foggy on what steps I need to do to replace that certificate with a current one. It looks like I can run cipher /r to generate a recovery cert on an XP machine, import it into the Administrator's account using the Certificates MMC and then re-add Administrator to the policy as a recovery agent. After that it appears I can run cipher /u to update on the client machine to update it with the new info. Is that correct? Any steps or details I am leaving out?
Thanks! Jeffrey .
- Follow-Ups:
- Re: Expired Recovery Agent EFS Cert
- From: Steven L Umbach
- Re: Expired Recovery Agent EFS Cert
- Prev by Date: Re: Setting WMI Security on 500 w2k and 200 w2k3 servers.
- Next by Date: Re: Kerberos error per Q824905
- Previous by thread: Re: Account policy (password)
- Next by thread: Re: Expired Recovery Agent EFS Cert
- Index(es):
Relevant Pages
|
