In XP Pro by default only one EFS certificate/private key will be generated
for the user when they first encrypt a file. XP Pro will not generate a
Recovery Agent certificate/private key by default. If you could explain your
question in more detail someone may be able to help or provide more
information. With EFS, if you have EFS encrypted files and you do not have
the EFS private key that belonged to the EFS certificate that encrypted the
files, you can NOT decrypt them. The EFS private key would be in the user's
profile at a point in time after he started encrypting files with EFS. There
could be an exception if a Certificate Authority was used on the network and
the user had earlier requested an EFS certificate/private key but that is
usually not the case and you could find that info on the CA that issued the
certificate. Also if using a Recovery Agent at the domain level then files
could possibly be recovered with the RA if it was in effect before the user
started using EFS. The utility efsinfo can give you a lot of details about
an EFS file, such as who can decrypt it and the RA, if any.

--- Steve

http://www.microsoft.com/technet/pr...Ref/dd2b3fcd-7b86-4df0-9952-cffa2f03d662.mspx
--- efsinfo