Posted by Brian Komar (MVP) on March 24, 2008, 5:21 pm
Answers inline....
> Ok, here's the thing.
> Back in the day we didn't use EFS, and our first DC failed and was
> replaced.
> Only later did we find out the DRA cert was on this server, and we now
> needed to make a new one to get EFS to work. No problem, we created a DRA
> account, and made it an admin with the DRA cert. But a side effect of this
> is that we would have to go in and renew the cert in two years. So I
> carefully wrote down the password, and forgot about it for one year and 10
> months.
>
> So now I go back, and I try to log into the DRA account, and it won't let me
> in. In spite of the fact I carefully wrote down the password in detail, it
> keeps telling me "The system can't log you on" and acts like the password is
> bad. The password is 16 characters long, random, and highly complex, and
> can't be cracked (if you think you can, please let me know).
>
> So;
> 1) What is going to happen when this cert expires?
EFS will stop working.
> 2) Can I reset the password, and log in and renew the cert?
As long as it is a domain account, you can reset the password and then log
on **AT THE COMPUTER WHERE YOU CREATED THE CERTIFICATE**.
As long as the user profile is still intact, you will regain access to the
certificate.
> 3) is there another way to renew this cert?
You could manually create a certificate using CIPHER /R to generate a much
longer-lived certificate.
>
> Thanks all for your help :)
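
A check that fits the situation discussed in this thread, added here as an example and not part of the original posts: once logged on as the DRA account on the computer that holds its profile, this PowerShell lists the EFS recovery certificates in that user's store, how long they have left, and whether the private key is still present. The 60-day warning threshold is an assumption.

```powershell
# Added example (not from the original thread).
# Lists EFS recovery-agent certificates in the logged-on user's personal store,
# with days until expiry and whether the private key is available.

$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # EKU: EFS File Recovery
$WarnDays        = 60                           # assumed warning threshold
$now             = Get-Date
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$recoveryCerts = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    # Keep only certificates whose Enhanced Key Usage includes File Recovery.
    $_.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        Where-Object { $_.Value -eq $FileRecoveryOid }
}

if (-not $recoveryCerts) {
    Write-Warning 'No EFS recovery certificate found in this user profile.'
    return
}

$recoveryCerts | ForEach-Object {
    $daysLeft = [math]::Floor(($_.NotAfter - $now).TotalDays)
    $status = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $WarnDays) { 'RENEW SOON' } else { 'OK' }

    [pscustomobject]@{
        Subject       = $_.Subject
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        DaysLeft      = $daysLeft
        HasPrivateKey = $_.HasPrivateKey   # False means files cannot be recovered from this profile
        Status        = $status
    }
} | Sort-Object NotAfter | Format-Table -AutoSize
```

Running it on a schedule under the DRA account, or after a password reset as described above, shows whether the profile still holds a usable key before the expiry date arrives.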