D
Doug Clemons
I am the administrator of a walk-up type workstation
running W2K. For various reasons, it's a standalone
machine not connected to any domain. There are numerous
users(8+) who need access to this machine and we recently
implemented EFS for all users. By default, I'm the
recovery agent, I'd like to add one and possible two
others. When I try to request new certificates for these
individuals using Users and Paswords/Advanced/New
Certificate I get an error that says something
like "windows can't find an authority to process this
request". No surprise, as I can't run CA services, but I
thought W2K would self-sign a standalone requested
certificate? Using the mmc Certificates snap-in gives me
similar results. So, I import/export/install my
certificate to the users personal certificate store and
try to add them under mmc public key/encrypted data
recovery agents. Everything seems to go fine, the wizard
tells me it worked and then I get a message that
says "certificate store already contains the selected
certificate. Delete the duplicate before adding" and it
kicks me back out to mmc...without another certficate/user
added to the EDRP. I know some tricks, deleting the
certificate, using regsvr32 to change the registry and
logging back in as the user generates a certificate. But
isn't there another, easier way????
running W2K. For various reasons, it's a standalone
machine not connected to any domain. There are numerous
users(8+) who need access to this machine and we recently
implemented EFS for all users. By default, I'm the
recovery agent, I'd like to add one and possible two
others. When I try to request new certificates for these
individuals using Users and Paswords/Advanced/New
Certificate I get an error that says something
like "windows can't find an authority to process this
request". No surprise, as I can't run CA services, but I
thought W2K would self-sign a standalone requested
certificate? Using the mmc Certificates snap-in gives me
similar results. So, I import/export/install my
certificate to the users personal certificate store and
try to add them under mmc public key/encrypted data
recovery agents. Everything seems to go fine, the wizard
tells me it worked and then I get a message that
says "certificate store already contains the selected
certificate. Delete the duplicate before adding" and it
kicks me back out to mmc...without another certficate/user
added to the EDRP. I know some tricks, deleting the
certificate, using regsvr32 to change the registry and
logging back in as the user generates a certificate. But
isn't there another, easier way????