Why do I have different EFS certificates on 3 domain computers, all can read encrypted files
EFS certificates look different on several machines, yet all of them can access encrypted files - how? I am successfully using EFS, but I have just done an audit to make sure we have the correct backup certificates/keys. I noticed something I don't understand and want to work out what is going on before it becomes a problem.

I have some encrypted files, encrypted for me using a certificate with thumbprint 'B9D5 ...'. When I log in to our domain controller (SBS 2003) and check my certificate store, I can see a personal EFS certificate with this same thumbprint. So far so good.

When I check on 2 other client computers (Windows 7 Ultimate/Enterprise), I see one EFS certificate on each computer, but both with different thumbprints and expiry dates, and no certificate to match the EFS certificate I can see on the server. I can access encrypted files with no problem on all 3 systems.

It is quite possible (likely) that I imported other certificates into the client machines at some point in the distant past, but if that's what I'm seeing in certmgr, how can I see the in-use EFS certificate? I'd like to make sure I back up the correct certificate. It looks like the certificates I can see on the client machines are not the ones used in encrypting my files (but then how am I reading them?).

More to the point, if I want to back up the certificate, my plan would normally be to export the certificate & private key from my normal client machine, but I'm not sure this will work with the certificates I can see.

Can anyone throw any light on what is going on here?

Confused
Andy
February 13th, 2012 9:08am
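Added example, not part of the original thread and not a reply from its author: a PowerShell script that answers the "which certificate is actually in use?" question with the tools Windows ships. `cipher /y` prints the thumbprint EFS will use for newly encrypted files on this machine, `cipher /c <file>` prints every thumbprint recorded in an existing file (user certificates and any recovery-agent certificates), and the Cert: drive shows the same Personal store that certmgr.msc does. Cross-referencing the three tells you which of the certificates visible on a given machine can open a given file, and `cipher /x:<pfxname> <file>` then backs up only the certificates and keys the current user holds for that file. The file path and backup location below are made-up placeholders; replace them with your own.

```powershell
# Added example (not from the original thread): identify the EFS certificate(s)
# that protect one file, check which of them this machine holds a private key
# for, and back up exactly those with cipher /x.
# Assumptions: $File is one of your own encrypted files (path made up here),
# $BackupBase is where the .pfx should be written. Run as the normal user.
$File       = 'C:\Data\secret.docx'
$BackupBase = Join-Path $env:USERPROFILE 'Desktop\efs-keys'   # cipher appends .pfx
$DoBackup   = $false   # set to $true to actually run cipher /x (prompts for a password)

# cipher prints thumbprints as ten groups of four hex digits; normalise them
# to the 40-character form the Cert: drive uses.
$thumbRegex = '[0-9A-Fa-f]{4}(?:\s+[0-9A-Fa-f]{4}){9}'
function Get-Thumbprints([string[]]$Text) {
    ($Text -join "`n") |
        Select-String -Pattern $thumbRegex -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { ($_.Value -replace '\s', '').ToUpperInvariant() } |
        Sort-Object -Unique
}

# True if the certificate carries the EFS enhanced key usage (1.3.6.1.4.1.311.10.3.4).
function Test-EfsEku([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq '1.3.6.1.4.1.311.10.3.4') { return $true }
            }
        }
    }
    return $false
}

# 1. The certificate EFS will use for NEW files on this machine.
$currentThumb = Get-Thumbprints (& cipher.exe /y)
"Current EFS certificate on $($env:COMPUTERNAME): $currentThumb"

# 2. Every thumbprint recorded in the file (users AND recovery agents).
#    A file can carry several user entries, so do not assume there is only one.
$fileThumbs = Get-Thumbprints (& cipher.exe /c $File)
"Thumbprints that can decrypt $($File):"
$fileThumbs | ForEach-Object { "  $_" }

# 3. Personal certificates with the EFS EKU - the same list certmgr.msc shows
#    under Personal > Certificates for this user on this machine.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object { Test-EfsEku $_ }

# 4. Cross-reference: for which of the file's entries is a private key present here?
$usable = foreach ($t in $fileThumbs) {
    $c = $efsCerts | Where-Object { $_.Thumbprint -eq $t }
    New-Object PSObject -Property @{
        Thumbprint    = $t
        InLocalStore  = [bool]$c
        HasPrivateKey = [bool]($c -and $c.HasPrivateKey)
        NotAfter      = if ($c) { $c.NotAfter } else { $null }
        IsCurrentEfs  = ($t -eq "$currentThumb")
    }
}
$usable | Format-Table Thumbprint, InLocalStore, HasPrivateKey, IsCurrentEfs, NotAfter -AutoSize

if (-not ($usable | Where-Object { $_.HasPrivateKey })) {
    Write-Warning "No private key in this user's store matches $File; a backup taken on this machine will not cover it."
}

# 5. Back up only the certificate(s) and keys this user holds for that file.
#    Without the file argument cipher /x backs up the current EFS certificate instead.
if ($DoBackup) {
    & cipher.exe "/x:$BackupBase" $File
    "Backup written to $BackupBase.pfx - store it and its password offline."
}
```

Run it on each of the three machines against the same file: the rows with HasPrivateKey set to true are the certificates that machine is really decrypting with, and those are the ones `cipher /x` will export. A thumbprint listed for the file but missing from every machine's store is the case to chase before relying on any backup.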
