Question about failed root CA and EFS

[Guest Graham]

Enterprise Root CA on Windows Server 2003 Std - hard drive was removed from

the server and stored in a locked cabinet.

 

Just over two years ago, a certificate was created, which apparently allowed

EFS in our domain. Last week, the certificate expired, and we stopped being

able to set the encrypted flag on folders. We now see the message, "Recovery

policy configured for this system contains invalid recovery certificate." All

the KB docs says to renew the certificate, or issue a new one.

 

We plugged in the hard drive from above, only to discover that it has

failed, so we cannot renew this particular cert or revive the Root CA. I

suppose we could create a new Root CA and issue a new one. The admin who

originally set up the Root CA is no longer here, and we have no documentation

about the certificates that it issued and what they were supposed to do. We

have no other CAs. Being able to recover previously encrypted documents is

not an issue.

 

My question is, can we just delete the cert from the domain and revert to

the default settings of no cert for EFS?

 

Thanks,