EFS Recovery failing
Hi,

We are facing a serious issue in our network. We have EFS enabled for the users and they encrypt the important files. We have a Certificate Server in place which issues the certificates to the users for EFS. This Cert Server is a Subordinate Issuing CA and the Root CA is offline. We have defined the Group Policy with 5 Recovery Agents.

Everything works fine but we are facing an issue with one user. The user has encrypted many business critical files long back and the recovery certificates which were present in policy at that time were added to all the files. Now as those recovery certs are expired we have removed those from Policy and added new recovery certs. It is fine for all the users but for this user the files are still showing the old recovery certs. We tried to update policy and run RSOP and found that new certs are showing in the Policy but files are showing the old certs.

We have kept the old expired certs (.pfx) on a DVD. We tried to install those certs on the affected PC and the thumbprint is matching with the ones reflecting in files but still the files are not getting decrypted and we are getting an Access Denied error.

Please help me to either update the recovery cert information in the files or decrypt the files using the old certs.

Thanks,
August 10th, 2012 2:56am

Hi,

Have you checked the user profile? If only the profile is corrupted, the encrypted file should not be affected. Also, if you have already set up the EFS recovery agent policy, please copy the encrypted file to the computer on which your file recovery certificate and recovery key are located. Then right-click the file => Advanced => decrypt the file. For detailed information, you may refer to the following link:

http://blogs.technet.com/b/asiasupp/archive/2007/04/26/efs-file-recovery.aspx

Hope it helps.

Tracy Cai
TechNet Community Support
August 14th, 2012 4:29am
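
A check that can precede the decryption step described in the reply above, as an added example that is not part of the original thread: it reads the certificate thumbprints stored in an encrypted file with `cipher /c` and reports whether each one is present, with its private key, in the logged-on user's Personal store. The function name and sample path are hypothetical, and the parsing assumes English-language `cipher.exe` output.

```powershell
# Added example (not from the thread). Assumes English-language cipher.exe output.
function Test-EfsRecoveryKey {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Path   # an EFS-encrypted file
    )

    # cipher /c lists the user and recovery certificates recorded in the file,
    # each with a "Certificate thumbprint: ..." line (hex, possibly space-grouped).
    $output = & cipher.exe /c $Path 2>&1 | Out-String

    $thumbprints = [regex]::Matches($output, '(?i)thumbprint:\s*([0-9A-F ]{40,})') |
        ForEach-Object { ($_.Groups[1].Value -replace '\s', '').ToUpperInvariant() } |
        Where-Object { $_.Length -eq 40 } |      # keep SHA-1 thumbprints only
        Sort-Object -Unique

    if (-not $thumbprints) {
        Write-Warning "No certificate thumbprints found in cipher /c output for $Path"
        return
    }

    foreach ($tp in $thumbprints) {
        # The key has to be in the Personal store of the account doing the
        # decryption; a PFX imported under another account or into the
        # LocalMachine store will not show up here.
        $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
            Where-Object { $_.Thumbprint -eq $tp } |
            Select-Object -First 1

        [pscustomobject]@{
            Thumbprint    = $tp
            InUserStore   = [bool]$cert
            HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
            NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
            Subject       = if ($cert) { $cert.Subject } else { $null }
        }
    }
}

# Constructed sample path; replace with one of the affected files.
Test-EfsRecoveryKey -Path 'C:\Data\example-encrypted.docx' | Format-Table -AutoSize
```

A row with `InUserStore` true but `HasPrivateKey` false means the certificate was imported without its key; run the check while logged on as the account that will perform the recovery.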


This topic is archived. No further replies will be accepted.
