we use windows 2003 Enterprise CA.
It looks CA do not archive secret key.
we use EFS for end user.
If we use EFS recovery certificate and resister it to GroupPolicy, group policy publiced EFS encryped file is recoverable by EFS recovery certificate ?