EFS Files and new PKI and DRA Agent

  • Question

  • Guys, we have many EFS files encrypted with EFS certs from our existing internal PKI. The DRA agent certs expired, preventing us from creating new certs. No problem, so we created new DRA certs and configured them with GPO. All our EFS certs were encrypted with an EFS cert assigned to a Windows service that runs with a domain account (3rd party batch scheduling product). As such, when this account next touches those EFS files, the files are updated with the new DRA certs. So far so good.

    Now we need to introduce a new PKI and retire the old one (as the old one runs on Windows 2008 R2). So how can we automate the application of the new EFS and DRA certs from the new PKI to existing files? Do we have to create new files and copy in the content?

    Tuesday, August 13, 2019 10:46 PM

All replies