How to use EFS in AD Domain environment ?

[Guest]

My PC(XP SP2) is joined to Winsdows 2003 Active Directory.
When I tried to enable EFS, I got the following Error.

EFS recovery policy contains invalid recovery certificate.
Event ID: 6028

And then I check the group policy (gpedit.msc)
Computer Configuration\Windows Settings\Security Settings\ Public Key
Policies\Encrypted Data Recovery Agents node,
but I can not find any certificate.

Where can I find the invalid recovery certificate ?
Or, do you have any solution?

 

[John Wunderlich]

My PC(XP SP2) is joined to Winsdows 2003 Active Directory.
When I tried to enable EFS, I got the following Error.

EFS recovery policy contains invalid recovery certificate.
Event ID: 6028

And then I check the group policy (gpedit.msc)
Computer Configuration\Windows Settings\Security Settings\ Public
Key Policies\Encrypted Data Recovery Agents node,
but I can not find any certificate.

Where can I find the invalid recovery certificate ?
Or, do you have any solution?

Try one of these articles... they might point you to where they're
stored:

How to add an EFS recovery agent in Windows XP Professional
<http://support.microsoft.com/kb/887414/en-us>

"How to back up the recovery agent Encrypting File System (EFS)
private key in Windows Server 2003, in Windows 2000, and in Windows
XP"
<http://support.microsoft.com/kb/241201/en-us>

"Best practices for the Encrypting File System"
<http://support.microsoft.com/kb/223316/en-us>

HTH,
John