G
Guest
Our environment is 2000 AD with XP Pro sp2 & 2000 pro clients.
The users that will be encrypting data are XP Pro users and we intend to
move to 2003 AD later this year - currently on test.
We are just beginning to look at encryption and I've noticed that if I open
the administrators personal certificates mmc on a DC, I can see multiple file
recovery certificates. There are 8 certificates in total:
x1 EFS expiring in 2015
x7 File recovery with different expiry dates, one of which expired earlier
this year.
Why are there so many certificates? I thought one was generated
automatically.
Also, if I open the default domain policy, I can see that there is a
certificate for the adminstrator for file recovery but it expired March 2006.
I'm guessing this is the one that is automatically created? If I export
these keys (for backup) I am notified that there is no private key. What
would be the issues if this is deleted and I create another one?
many thanks
The users that will be encrypting data are XP Pro users and we intend to
move to 2003 AD later this year - currently on test.
We are just beginning to look at encryption and I've noticed that if I open
the administrators personal certificates mmc on a DC, I can see multiple file
recovery certificates. There are 8 certificates in total:
x1 EFS expiring in 2015
x7 File recovery with different expiry dates, one of which expired earlier
this year.
Why are there so many certificates? I thought one was generated
automatically.
Also, if I open the default domain policy, I can see that there is a
certificate for the adminstrator for file recovery but it expired March 2006.
I'm guessing this is the one that is automatically created? If I export
these keys (for backup) I am notified that there is no private key. What
would be the issues if this is deleted and I create another one?
many thanks