I'm having a fight with encryption . . . I have the certificate and matching
key for the encrypted files. I select a file, right-click 'properties', click
'advanced', unselect 'encrypt', and get an "Error 5" message.

Initially I was getting a message telling me that the certificate was not in
the "Trusted Root Certification Store", so I added the requisite 'snap-in',
exported the certificate from Console Root\Certificates - Local
Computer\Trusted People\Certificates and imported it to Console
Root\Certificates - Local Computer\Trusted Root Certification
Authorities\Certificates. The red 'x' that was on the certificate (found by
double-clicking the Certificate, on the General tab) disappeared. The
certificate "is intended for the following purpose(s): allows data on disk to
be encrypted; all issuance policies."

I was elated with my progress! Until I tried to unencrypt again . . . I
right-click a file, click 'properties', click 'advanced', and click
'details', but my certificate is not listed among the "Users who can
transparently access this file"--there's only User(User@DIRECTOR). I click
"Add" and my key appears in the "select the user's certificate with whom you
want to share the access" window, I select it and click OK and it is added to
the "Users who can transparently access this file" window. I click OK and get
the EFSADU error "Error in adding new user(s). Error code 5."

Is there any way to set my key as the 'default' certificate (so that it
would show up in the "Users who can transparently access this file" list)? If
not, is there another folder in the Certificates console that my certificate
should be imported into so that it can be "added"?

Thanks for your help,

Paul

PS I've got 'ownership' rights to all the folders in question, so I don't
think that's the issue.

See if the info in the KB article below helps which states you must be a
local administrator or the user that encrypted the file to add other users
to the list. --- Steve


http://support.microsoft.com/default...308991&sd=tech

"stumped" <stumped@discussions.microsoft.com> wrote in message
news:C43529F0-7F8A-43B1-BDF0-B6BC4EACDCEF@microsoft.com...
> I'm having a fight with encryption . . . I have the certificate and
> matching
> key for the encrypted files. I select a file, right-click 'properties',
> click
> 'advanced', unselect 'encrypt', and get an "Error 5" message.
>
> Initially I was getting a message telling me that the certificate was not
> in
> the "Trusted Root Certification Store", so I added the requisite
> 'snap-in',
> exported the certificate from Console Root\Certificates - Local
> Computer\Trusted People\Certificates and imported it to Console
> Root\Certificates - Local Computer\Trusted Root Certification
> Authorities\Certificates. The red 'x' that was on the certificate (found
> by
> double-clicking the Certificate, on the General tab) disappeared. The
> certificate "is intended for the following purpose(s): allows data on disk
> to
> be encrypted; all issuance policies."
>
> I was elated with my progress! Until I tried to unencrypt again . . . I
> right-click a file, click 'properties', click 'advanced', and click
> 'details', but my certificate is not listed among the "Users who can
> transparently access this file"--there's only User(User@DIRECTOR). I click
> "Add" and my key appears in the "select the user's certificate with whom
> you
> want to share the access" window, I select it and click OK and it is added
> to
> the "Users who can transparently access this file" window. I click OK and
> get
> the EFSADU error "Error in adding new user(s). Error code 5."
>
> Is there any way to set my key as the 'default' certificate (so that it
> would show up in the "Users who can transparently access this file" list)?
> If
> not, is there another folder in the Certificates console that my
> certificate
> should be imported into so that it can be "added"?
>
> Thanks for your help,
>
> Paul
>
> PS I've got 'ownership' rights to all the folders in question, so I don't
> think that's the issue.