Currently in our W2K3 domain we have no group policy at all. We have a Certificate Authority but it is currently configured to not automatically issue certificates. All documentation regarding setting up EFS and a EFS recovery agent indicates that editing the domain group policy is required. Is it a requirement that a group policy exists for a domain to setup a EFS recovery agent? If I create a "new" group policy is everything in it "undefined" by default, i.e. creating will not affect anything unless it is edited? Is so I will feel more comfortable creating one and would then only eidt what pertains to EFS.