EFS

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hello,

with the help of Drew Cooper [MSFT], I finally understood why I can't encrypt
a file/directory on my computer (XP) using EFS. I give an excerpt of our
discussion on microsoft.public.

____________________________________________________________________________


<dcoop@online.microsoft.com> wrote in message
news:OY6kL0UOEHA.2780@TK2MSFTNGP09.phx.gbl...
| Have you tried running rsop.msc (the RSOP MMC snapin) to see what policies
| are being applied to your machine? Is there an invalid EFS recovery
| certificate there?
Yes, there is one, named CDECREM, self-signed, in the machine config/Windows
parameters/Public key policies/EFS! It is invalid (already expired) but I
can't find it in my machine stores or in my personal stores on my
machine.

____________________________________________________________________________

Now the problem that I have is to get rid of this certificate, knowing that it
must be sent by my domain controller.

Can someone help me?

Oriane
 

The certificate/private key for the Recovery Agent may have been already deleted
in the user's computer store. For Windows XP Pro you can use cipher to generate
a new certificate/keys for the Recovery Agent. Once you generate the key and save it
to a .pfx file you can click the file to start the installation wizard. After it
is installed you can export the certificate [probably from the built-in
administrator account] to a .cer file and then import it into the security
policy as a Recovery Agent certificate by selecting add and then navigating to
the folder where the .cer file is located. -- Steve

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cipher.mspx
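
Added example (not part of the original posts): a PowerShell check that a candidate recovery agent certificate is inside its validity period and carries the File Recovery usage before its .cer file is added to the policy, since an expired recovery certificate is what blocked encryption in this thread. It assumes a system with PowerShell 3 or later (not present on stock Windows XP); the file name `efs-dra` and the function name `Get-RecoveryAgentStatus` are hypothetical.

```powershell
# Added example, not from the thread. Generating a new recovery agent key pair
# is interactive (it prompts for a .pfx password) and writes a .pfx and a .cer:
#     cipher /r:efs-dra        # "efs-dra" is an assumed file name
# This script then reports on File Recovery certificates, either from a .cer
# file (-CerPath) or from the personal stores of the user and the machine.
param(
    [string]$CerPath   # optional: path to a .cer file, e.g. .\efs-dra.cer
)

$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # Enhanced Key Usage: File Recovery

function Get-RecoveryAgentStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    process {
        # Collect the OIDs listed in the Enhanced Key Usage extension, if any.
        $ekus = @($Cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        if ($ekus -notcontains $FileRecoveryOid) { return }   # not a recovery certificate

        $now = Get-Date
        [pscustomobject]@{
            Subject       = $Cert.Subject
            Thumbprint    = $Cert.Thumbprint
            NotBefore     = $Cert.NotBefore
            NotAfter      = $Cert.NotAfter
            Expired       = $now -gt $Cert.NotAfter
            NotYetValid   = $now -lt $Cert.NotBefore
            SelfSigned    = $Cert.Subject -eq $Cert.Issuer
            HasPrivateKey = $Cert.HasPrivateKey   # a .cer file never carries the private key
        }
    }
}

if ($CerPath) {
    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList (Resolve-Path $CerPath).Path
} else {
    $certs = Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My
}

$report = @($certs | Get-RecoveryAgentStatus)
if (-not $report) { Write-Warning 'No File Recovery certificate found in the checked locations.' }
$report | Format-List
```

A certificate reported with `Expired : True` should not be imported into the policy; generate a fresh pair instead and keep the .pfx somewhere other than the machines that encrypt files.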
 

Hello Steven,

If I try to sum up: I generate a new key pair for the certificate I can see
with the rsop mmc but not in the certificate store?
Or do you suggest I create a new certificate?
Oriane
 

You probably should try to create a new certificate/private key via a .pfx
file and then install that. --- Steve