Generator Microsoft Word 11 (filtered medium) Hello, I am having some problems verifying if we have a recovery agent for our domain. Users can encrypt but if I login as administrator I cannot read these files, access denied error. I have windows 2003 domain, the CA is on the Domain Controller I do not see the Encrypted Data Recovery Agents section here... computer config > windows settings > security settings > Public Key policies In that same section under the ' Encrypting File System' key it show a file recovery certificate issued to Administrator. When I right click > add data recovery agent > and select the administrator I receive this error. The selected user has no certificates suitable for Encrypted File System recovery and cannot be added as a recovery agent. Here is the output of efsinfo for a file named a.txt a.txt: Encrypted Users who can decrypt: domain\matttest (matttest(matttest@xxxxxxxxxx)) Certificate thumbprint: 51A1 C123 E475 197F 62D1 1D93 C207 5F54 7179 611A Recovery Agents: Unknown (Administrator(Administrator@xxxxxxxxxx)) Certificate thumbprint: 11C6 F26A 1234 4321 024A 9176 19D1 DA1B 7A1A D4D2 I can find the administrator ( Recovery Agent) thumbprint in my Enterprise CA snap-in and it says Cert OK Thanks for any help you can give me.