Hi all,I have the following setup:Active Directory domainWindows 2003 R2 Enterprise CAWindows 2003 R2 fileserver with EFS share with correct share and NTFS permissionsWindows Vista Business SP2 workstationsEFS certificates are being issued to a group of users from the CA based on security groups, so they can access the files in EFS share on fileserver. This works fine, however one of these users needs to be able to add more users (user's EFS certificate) to particular files in the encrypted share.. This is not possible because in Vista, eventhough the user can access and modify the encrypted file, when the user opens properties of the file and select Advanced> Details > clicks Add button and finds a users certificate using Active Directory, he is not able to add the user because the OK button is greyed out.. Cananybody help me? Did I miss something? When I try the same from Windows XP I can add user without problem..Thanks,Michal Novak

Ok, I've found a reason of this and solution..Aftercomparing user profiles and certifictes I've noticed that one of them had in the certificate store Other people a certificate and the other users did not. When I logged on this particular user's account I've found out that this user can add another EFS certificates to the encrypted file.. So I've imported an EFS certificate to the Other People certificate store of my problem userand voil.. The OK button is greyed out no more. :-)I'm a bit confused right now.. Is this a bug, or a feature?Thanks.Michal