Re: Problems with EFS and "MY Documents"

From: Star Fleet Admiral Q (Star_Fleet_Admiral_Q(NO-SPAM)_at_(FORGET-SPAM)hotmail.com)
Date: 07/14/04


Date: Tue, 13 Jul 2004 22:01:51 -0400

FYI - this may be by design - we do this to prevent users from
encrypting documents and then later the need for accessing them is
required, the original encrypting profile and/or recovery agent
certificate has expired or lost (due to employee turnover).

-- 
Star Fleet Admiral Q @ your service
--------------------------------------------------------
"Miha Pihler" <miha-news@atlantis.si> wrote in message
news:%23RhGKNEaEHA.212@TK2MSFTNGP12.phx.gbl...
> It looks like that there is a recovery agent defined at domain or OU
level
> and it's certificate expired. You won't be able to use EFS till this
is
> fixed.
>
> If you are administrator you can:
> * renew certificate for recovery agent
> * issue new certificate for recovery agent
>
> If you are not domain administrator then talk to the person in your
company
> that is responsible for your domain.
>
> I hope this helps you out,
>
> Mike
>
> "butch" <butch@discussions.microsoft.com> wrote in message
> news:EA9EDC65-43A2-4ACB-9F2F-0FAFF9BE5C40@microsoft.com...
> > The computer is in a domain and the pane says "no policy defined"
> >
> > "Miha Pihler" wrote:
> >
> > > Hi,
> > >
> > > is this computer part of domain or is it in a workgroup?
> > >
> > > Also click Start > Run > gpedit.msc > when Group Policy Editor
starts
> drill
> > > down Computer Configuration > Windows Settings > Security
Settings >
> Public
> > > Key Policies > Encrypted Files System. Tell me what is displayed
in
> right
> > > pane...
> > >
> > > Mike
> > >
> > > "butch" <butch@discussions.microsoft.com> wrote in message
> > > news:3B4087B1-BC0D-4C47-B161-D6D30D688CED@microsoft.com...
> > > > I am working on a laptop computer using XP Pro SP1 and I
trying to
> > > encrypt the "My Documents" folder.  The current user is a local
> > > administrator.  When I try to encrypt the "My Documents" folder
I get
> > > "access denied" when I try to encrypt a file in "My Documents" I
get the
> > > error "recovery poicy configured for this system contains
invalid
> recovery
> > > certificate."
> > >
> > >
> > >
>
>


Relevant Pages

  • Re: Data Recovery Agent
    ... It is a security certificate and I had used the mmc.exe to get it. ... >> Mike, ... >>>> Also, my current user account is already an Administrator, so is it ... >>>>> make your administrator a recovery agent or you can create a new user ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Data Recovery Agent
    ... Mike ... > Also, my current user account is already an Administrator, so is it still ... >> make your administrator a recovery agent or you can create a new user ... >> administrator has a certificate that will enable him EFS function. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Problems with EFS and "MY Documents"
    ... It looks like that there is a recovery agent defined at domain or OU level ... and it's certificate expired. ... If you are not domain administrator then talk to the person in your company ... Mike ...
    (microsoft.public.windowsxp.security_admin)
  • Re: How to add a domain user as a Data Recovery Agent
    ... Policy settings or contacting a domain controller. ... Recovery Agent certificate and when you examined the certificate are the ...
    (microsoft.public.windows.server.security)
  • Re: How to add a domain user as a Data Recovery Agent
    ... Recovery Agent certificate and when you examined the certificate are the ... I'm trying to figure out how to add a non-privileged, domain user account ... I add the users as data recovery agents. ...
    (microsoft.public.windows.server.security)