EFS - Renew Certificates

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello,
Im having problems with EFS not allowing me to encrypt new file or
folders because the Administrator certificate is expired. Does anyone know
how to renew this certificate? It looks to have been set in the default
domain policy (computer\windows\security settings\Public key policies\EFS)
when we went to our domain a few years ago. Im not sure if this is the
right place to post, but I've been pulling my hair out trying to figure out
how to renew this certificate. Any help would be appreciated.


Thanks

Al
1 answer Last reply
More about renew certificates
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    The original EFS File Recovery certificate is a self-signed certificate and
    cannot be renewed. You will have to replace that certificate.
    1. Back up the original File Recovery certificate w/private key to a .pfx
    file. You'll need this file to recover encrypted files that may not get
    updated to the new File Recovery certificate. Do the backup in
    MMC\Certificates snap-in on the DC that has the original certificate. (Log on
    as Administrator to see this.) Be sure the certificate you back up matches
    the certificate that's in policy.
    2. Run "cipher /r" to create a new File Recovery certificate (.Cer is the
    public certificate and .pfx is the certificate w/the private key which should
    be secured in a safe location. The .pfx is what you use to recover files.)
    3. Delete the expired certificate from EFS policy.
    4. Add the new certificate (.cer file) to EFS policy.
    Once policy refreshes, EFS will work again.

    More information is here:
    http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

    Thanks.
    Pat

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Al Ardito" wrote:

    > Hello,
    > Im having problems with EFS not allowing me to encrypt new file or
    > folders because the Administrator certificate is expired. Does anyone know
    > how to renew this certificate? It looks to have been set in the default
    > domain policy (computer\windows\security settings\Public key policies\EFS)
    > when we went to our domain a few years ago. Im not sure if this is the
    > right place to post, but I've been pulling my hair out trying to figure out
    > how to renew this certificate. Any help would be appreciated.
    >
    >
    > Thanks
    >
    > Al
    >
    >
    >
Ask a new question

Read More

Certificate Windows XP