When I try to encrypt a file I get an error: An error occurred applying attributes to the file: C:\file.txt Recovery policy configured for this system contains invalid recovery certificate. I have looked for expired certificates in my personal cert store but there are none. Just to be safe I've deleted all of my personal certificates, rebooted and tried again - no go. What else can cause this error?

I should also add that when I click on "Advanced" in attributes -> "Encrypt contents to secure data" -> "OK" -> "OK" a certificate is created in my personal store. As you can imagine it doesn't expire any time soon.

Your Data (EFS) Recovery Agent is expired or invalid. To configure correct EFS Recovery Agent certificate see http://technet.microsoft.com/en-us/library/cc962057.aspx Also check out http://support.microsoft.com/kb/223316/en-us http://technet.microsoft.com/en-us/library/bb457065.aspx for more information about EFS. Martin

Thanks for the links. I didn't know how EFS worked in a domain environment. My domain was created LOONG ago so the Recovery Agent located in the Default Domain Policy GPO was expired. I was able to create a new one, refresh my policy, logout/logon and then I was able to use EFS as expected.