adding users as recovery agents

[jp]

Hi
when I am editing the default Domain policy and trying
to add a user as an encrypted data recovery agent I get
this error
"The selected user has no certificate suitable for the EFS
recovery and cannot be added as a recovery agent.
I have installed the certiifcate authority but do not know
how to proceed
Please advise.
Thanks in advance
Best Regards
JP

 

[Steven L Umbach]

You first need to have the certificates for the recovery agents created. Have them
logon to their computers and use the mmc certificate snapin for users to request a
Recovery Agent certificate from their personal folder by right clicking and selecting
request certificate. After receiving the certificate have that user export their
certificate to a .cer file [no need to export private key] to a location known to
you. Then you can browse to that .cer file and install it as a Recovery Agent. The
..cer files are not sensitive as they are the "public" key. --- Steve

 

[jp]

Thanks mate. it worked

-----Original Message-----
You first need to have the certificates for the recovery agents created. Have them
logon to their computers and use the mmc certificate snapin for users to request a
Recovery Agent certificate from their personal folder by right clicking and selecting
request certificate. After receiving the certificate have that user export their
certificate to a .cer file [no need to export private key] to a location known to
you. Then you can browse to that .cer file and install it as a Recovery Agent. The
..cer files are not sensitive as they are the "public" key. --- Steve

Hi
when I am editing the default Domain policy and trying
to add a user as an encrypted data recovery agent I get
this error
"The selected user has no certificate suitable for the EFS
recovery and cannot be added as a recovery agent.
I have installed the certiifcate authority but do not know
how to proceed
Please advise.
Thanks in advance
Best Regards
JP

.