No announcement yet.

EFS Recovery Agents

  • Filter
  • Time
  • Show
Clear All
new posts

  • EFS Recovery Agents

    I've been trying to add a Recovery agent to my existing GPO for the domain, the current Recovery agent is the domain admins which is the default.

    When I try to Add a new recovery agent the message received is along the lines of "There are no suitable certificates available for this user......."

    I have exported and imported the certificate created at an XP client machine to the Trusted CA on the domain controller but still get the same error message, after trailing through various articles I'm still no further along. Any help/suggestions will be appreciated!

  • #2
    Re: EFS Recovery Agents

    In order to be Recovery Agent, a user should have a proper certificate got from a trusted CA.
    Also based on Windows help
    "Adding a recovery agent from Active Directory requires that File Recovery certificates are published in Active Directory. However, the default EFS File Recovery certificate template does not publish these certificates. This can be changed by copying the default EFS File Recovery certificate template to create a new template and configuring it to Publish certificate in Active Directory. For more information on modifying certificate templates, see Related Topics"

    this meen that it is not enough to have the certificate, it also should be available in AD.
    Attached Files
    Csaba Papp
    MCSA+messaging, MCSE, CCNA
    Remember to give credit where credit is due and leave reputation points where appropriate


    • #3
      Re: EFS Recovery Agents

      Thanks for the info, I'm optimistic I can sort this out now....I'll let you know how it goes