JSI Tip 6371. Windows XP clients in a Windows NT 4.0 domain may lose access to encrypted files if they use a roaming profile or change their password?

Jerold Schulman

February 24, 2003


The Windows XP EFS (Encrypting File System) does NOT support the recovery functionality for members of a Windows NT domain, unlike a Windows 200x domain. In a Windows 200x domain, the recovery mechanism is domain based and NOT located on the workstation.

NOTE: After a password change, you may have to change your password back to the one used to encrypt the file to recover an encrypted file.

To enable changed password access to the recovery keys:

1. Install Windows XP SP1.

2. Use the Registry Editor to navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb

3. Edit or add Value Name MasterKeyLegacyNt4Domain, a REG_DWORD data type, and set the data value to 1.

 


