I am trying to apply encryption to a folder and sub-folders on a Windows XP
Professional system. (Which is on a Windows 2000 Active Directory network.)
I got an, "Error Applying Attributes: Recovery policy configured for this
system contains invalid recovery certificate" error message. I Googled this
message and found that if I looked in Active Directory there would likely be
a recovery agent that had expired. I got into AD Users and Computers, got
into group policy for the domain, then looked under "Computer
Configuration -> Windows Settings -> Public Key Policies ->Encrypting File
System" and I found the certificate and sure enough it has expired.



My problem is I have no idea as to how to renew, or generate, a new one.
And once I did that, how to apply it. How is that done, please?





Rod