EFS for XP

[attrib75]

I'm trying to use EFS to encrypt a file on an XP pro domain member computer.
I get a message "recovery policy configured for this system contains invalid
certificate"

Of course I looked up the knowledge base article that this pertains to. I
went to the domain policy and looked under computer>windows settings>
security>public key>encrypting file system for the OU that my policy is
applied. There is a new valid certificate there from a DC.

I even tried importing that into my local certificate store. Didnt' work.
Cant figure out how this works.

thanks

 

[Patrick Keenan]

I'm trying to use EFS to encrypt a file on an XP pro domain member
computer.
I get a message "recovery policy configured for this system contains
invalid
certificate"

Of course I looked up the knowledge base article that this pertains to. I
went to the domain policy and looked under computer>windows settings>
security>public key>encrypting file system for the OU that my policy is
applied. There is a new valid certificate there from a DC.

I even tried importing that into my local certificate store. Didnt' work.
Cant figure out how this works.

thanks

Here's a clip from one site:
=================
Thank you very much for your feedback.
The way it was resolved was as follows:
On our main domain controller
1.- Start-->run type certmgr.msc
2.-Under personal--> certificates the administrator certificate had expired.
So i created a new certificate( cipher /r:administrator from the command
prompt), deleted the expired one.
3.- Right click on certificates (personal-->certificates under the
certificate manager console) and import the new certificate i created.
=====================

HTH

and of course, do ensure that you can actually decrypt the files if the
Windows install or account gets damaged.

-pk

 

[attrib75]

Must have been an expired certificate somewhere that I hadn't deleted. Seems
to work now.

thanks!