DRA and EFS

[Guest]

Hi, enabled EFS on our XP portables, together with the DRA functionality which is integrated with the Active Directory and the group policies
We generated a DRA certificate using the Microsoft Certificate Server and noticed that the validity period is only 1 year, we tried to change this but this seams to be not possible or does anybody have a proven method to change the validity period of a DRA certificate
Another question is: what happens with the DRA functionality if the DRA certificate expires, will we still be able to decrypt the data, even if the DRA certificate has expired
Thanks
Steven

 

[Drew Cooper [MSFT]]

The validity period is determined when the certificate is issued.

You will be able to decrypt but not encrypt when the DRA cert expires.
Actually that's also true for user's encryption certs - the expired ones can
still be used to decrypt, but not encrypt.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi, enabled EFS on our XP portables, together with the DRA functionality

which is integrated with the Active Directory and the group policies.

We generated a DRA certificate using the Microsoft Certificate Server and

noticed that the validity period is only 1 year, we tried to change this but
this seams to be not possible or does anybody have a proven method to change
the validity period of a DRA certificate.

Another question is: what happens with the DRA functionality if the DRA

certificate expires, will we still be able to decrypt the data, even if the
DRA certificate has expired?