Re: Can no longer encrypt files

From: Star Fleet Admiral Q (Star_Fleet_Admiral_Q(NOSPAM)_at_(SPAMNOT)hotmail.com)
Date: 01/07/04


Date: Tue, 6 Jan 2004 21:19:19 -0500


    It is saying the certificate for the "Recovery Agent" is invalid, not
that of the actual account doing the encryption. If on a domain, when running
Win2k, the designated recovery agent was the default "Domain Admin"; on WinXP
there is no designated recovery agent, unless on a Win2k3 domain, which I
believe requires you to designate a recovery agent.
    I believe all the hoopla about files getting encrypted and then the
encryption key certificate getting corrupted and/or destroyed (due to reformat
and install on the workstation) and no recovery agent being designated
prompted these changes.
"Mike" <anonymous@discussions.microsoft.com> wrote in message
news:28983D92-BC2F-4D75-8005-A72CD921FE54@microsoft.com...
> I have a user using EFS to protect some sensitive information on a shared
> drive. This was working fine until the account password expired and was
> changed. The user reported that they could open the files, but could not
> save changes. I had the user remove the encryption from all folders, which
> was successful and they could again modify the files. We then tried to
> encrypt the files again, but an error box is displayed stating "The Recovery
> Policy configured for this system contains an invalid recovery
> certificate." I deleted their certificate, and tried to encrypt the files
> again with the same result.
>
> The client computer is running XP Professional, the share is on a Windows
> Server 2003 server, and the user account is an Active Directory account. Any
> input is appreciated.
>
> Mike


