Microsoft KB Archive/288348


Article ID: 288348

Article Last Modified on 10/31/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition



This article was previously published under Q288348

SYMPTOMS

If you encrypted files on a Windows 2000-based computer by using Encrypting File System (EFS), you may lose the ability to access or decrypt these files if you run the System Preparation tool (Sysprep.exe) on the computer.

CAUSE

This behavior occurs because the System Preparation tool changes the security identifiers (SIDs) for the local machine and user accounts. After the System Preparation tool alters the SIDs, the old encryption keys no longer work. This is also true for the local administrator account, which is the default recovery agent for encrypted files.

WORKAROUND

To avoid this behavior, do not run Sysprep.exe on computers that have EFS-encrypted files. If you must run Sysprep.exe on a computer that has EFS-encrypted files, back up the local administrator's EFS private key before you run Sysprep.exe, and then restore it afterwards. For additional information about how to do this, see the following article in the Microsoft Knowledge Base:

241201 HOW TO: Back Up Your Encrypting File System Private Key in Windows 2000


STATUS

This behavior is by design.

MORE INFORMATION

If your computer is a member of a Windows 2000-based domain and you encrypted the files by using a domain user account, you can use the EFS Recovery Agent for your domain to recover the encrypted files.

Microsoft does not recommend using Sysprep.exe on computers that are already part of a domain.

REFERENCES

For more information about Sysprep.exe, go to the following Microsoft Web site:

