EFS - Renew Certificates

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

Hello,
I'm having problems with EFS not allowing me to encrypt new files or
folders because the Administrator certificate is expired. Does anyone know
how to renew this certificate? It looks to have been set in the default
domain policy (computer\windows\security settings\Public key policies\EFS)
when we went to our domain a few years ago. I'm not sure if this is the
right place to post, but I've been pulling my hair out trying to figure out
how to renew this certificate. Any help would be appreciated.


Thanks

Al
 
Guest
Archived from groups: microsoft.public.windowsxp.security_admin

The original EFS File Recovery certificate is a self-signed certificate and
cannot be renewed. You will have to replace that certificate.
1. Back up the original File Recovery certificate w/private key to a .pfx
file. You'll need this file to recover encrypted files that may not get
updated to the new File Recovery certificate. Do the backup in
MMC\Certificates snap-in on the DC that has the original certificate. (Log on
as Administrator to see this.) Be sure the certificate you back up matches
the certificate that's in policy.
2. Run "cipher /r" to create a new File Recovery certificate (.Cer is the
public certificate and .pfx is the certificate w/the private key which should
be secured in a safe location. The .pfx is what you use to recover files.)
3. Delete the expired certificate from EFS policy.
4. Add the new certificate (.cer file) to EFS policy.
Once policy refreshes, EFS will work again.

More information is here:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Thanks.
Pat

--
This posting is provided "AS IS" with no warranties, and confers no rights.


"Al Ardito" wrote:

> Hello,
> I'm having problems with EFS not allowing me to encrypt new files or
> folders because the Administrator certificate is expired. Does anyone know
> how to renew this certificate? It looks to have been set in the default
> domain policy (computer\windows\security settings\Public key policies\EFS)
> when we went to our domain a few years ago. I'm not sure if this is the
> right place to post, but I've been pulling my hair out trying to figure out
> how to renew this certificate. Any help would be appreciated.
>
>
> Thanks
>
> Al
>
>
>
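
Steps 1 and 2 of the reply above as a PowerShell sketch; this is an added example, not part of the original thread. It assumes a system with the PKI module (`Export-PfxCertificate`, Windows 8 / Server 2012 or later) and is run as the account that holds the recovery certificate; the backup directory and file names are hypothetical.

```powershell
# Added example, not from the thread. On older systems without
# Export-PfxCertificate, do the export in the Certificates MMC snap-in instead.
# Run as the account that holds the recovery certificate (Administrator on the DC).

$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'        # EKU "File Recovery"
$BackupDir       = 'E:\efs-dra-backup'               # hypothetical: removable media kept offline
$NewCertBase     = Join-Path $BackupDir 'efs-dra-new' # hypothetical base name for cipher /r output

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Find File Recovery certificates that still have their private key.
$dra = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $FileRecoveryOid)
}
if (-not $dra) { throw 'No File Recovery certificate with a private key in this store.' }

# Show thumbprint and expiry so the certificate can be matched against the one
# listed in the EFS policy before anything is deleted there.
$dra | Select-Object Thumbprint, Subject, NotAfter,
    @{ n = 'Expired'; e = { $_.NotAfter -lt (Get-Date) } } |
    Format-Table -AutoSize

# Step 1: back up each old recovery certificate with its private key.
# Export-PfxCertificate fails if the key was marked non-exportable.
$pfxPassword = Read-Host -AsSecureString 'Password for the backup .pfx files'
foreach ($cert in $dra) {
    $out = Join-Path $BackupDir ('old-dra-{0}.pfx' -f $cert.Thumbprint)
    Export-PfxCertificate -Cert $cert -FilePath $out -Password $pfxPassword | Out-Null
    Write-Host "Backed up $($cert.Thumbprint) to $out"
}

# Step 2: create the new recovery certificate. cipher prompts for a password
# and writes efs-dra-new.cer (public, goes into policy) and efs-dra-new.pfx
# (private key, store it offline with the old .pfx).
cipher "/r:$NewCertBase"
```

Steps 3 and 4 (removing the expired certificate from the EFS policy and adding the new .cer) are still done in the Group Policy editor.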
 
