Article ID: 290260
Article Last Modified on 3/27/2007
APPLIES TO
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
This article was previously published under Q290260
SYMPTOMS
After you reset the password of an account on a Windows XP-based computer that is joined to a workgroup, you may lose access to the user's:
- Web page credentials.
- File share credentials.
- EFS-encrypted files.
- Certificates with private keys (signed/encrypted e-mail).
CAUSE
This issue can occur if the password was forcibly reset by an administrator or owner, instead of being changed by the user.
RESOLUTION
NOTE: For any of the following resolutions to work, the user's original account must still exist, and the user's profile must be present and unchanged since the user last had access to the data.
To recover all of the data, you must have one of the following:
- The original password. This is the password with which the user last logged on successfully and was able to access their credentials and files.
- Password Recovery Disk (PRD). This password recovery disk must have been created while the user had access to the files.
To Completely Recover By Using the Original Password
- Log on to the computer as the user with the current password.
- Click Start, and then click Control Panel.
- In Control Panel, click User Accounts.
- Click your user name.
- Click Change my password.
- Follow the instructions to change the password back to your original password.
- Restart your computer.
To Completely Recover By Using the Password Recovery Disk
- If you are logged on, log off of the computer.
- Attempt to log on as the user, and deliberately type an incorrect password.
- Click use your password reset disk.
- Follow the instructions in the wizard.
- Log on, and note that you have access to your files.
Recovering Access to Encrypted EFS Data
If you have encrypted some of your files by using the Encrypting File System (EFS), you have additional options to recover access to those encrypted files. The following provisions apply only to EFS encrypted files, and will not recover access to saved credentials or certificates.
If you have previously exported the user's EFS private key from the user's account, you may import the key back into the account and recover access to the encrypted files.
If you did not export the private key and you have defined a Data Recovery Agent (DRA) prior to encrypting the files, you may regain access to EFS files as the Data Recovery Agent. For additional information about how to recover data in this case, click the article number below to view the article in the Microsoft Knowledge Base:
255742 Methods for Recovering Encrypted Data Files
If you do not have the required items or information specified for the preceding recovery solutions, the data is permanently encrypted, and cannot be recovered.
STATUS
This behavior is by design.
MORE INFORMATION
The behavior that is described in this article is a security measure that protects the user's private information. A malicious administrator who can reset a user's password, and thereby gain access to the user's account, cannot access encrypted files or authentication materials without the user's knowledge or permission.
Before being allowed to reset a password, an administrator or owner of the computer is prompted with the following messages:
To avoid data loss because of a password reset in the future, create a password recovery disk to use for resetting the password, and have users change their own passwords while they are logged on.
To create a password recovery disk:
- Click Start, and then click Control Panel.
- Click User Accounts.
- Click your user name.
- Click Prevent a forgotten password, and then follow the instructions in the wizard.
- Store the disk in a safe location.
NOTE: The Prevent a forgotten password button and the password recovery disk functionality are not available on computers that are joined to a domain.
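The EFS key export that the recovery options above depend on must be done while the user can still open the encrypted files. The following batch file is an added example, not part of the original article: it inventories the user's encrypted files and exports the EFS certificate and private key with cipher.exe. The backup location E:\efs-backup and the output file names are assumptions; substitute your own.

```batch
@echo off
rem Added example, not part of the original article.
rem Run it logged on as the user who owns the encrypted files, while those
rem files still open normally, that is, before any administrative reset.
setlocal

rem Assumption: E:\efs-backup is a placeholder for removable media kept offline.
set "BACKUP_DIR=E:\efs-backup"
set "PFX_BASE=%BACKUP_DIR%\%USERNAME%-efs"

if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"
if not exist "%BACKUP_DIR%" (
    echo Cannot create %BACKUP_DIR%.
    exit /b 1
)

rem Never overwrite an earlier export: it may be the only copy of an older key.
if exist "%PFX_BASE%.pfx" (
    echo %PFX_BASE%.pfx already exists. Move it before exporting again.
    exit /b 1
)

rem Step 1: inventory. /u with /n finds the encrypted files on local drives
rem and changes nothing, so the list shows what a forced reset would lock out.
echo Listing EFS-encrypted files on local drives...
cipher /u /n > "%BACKUP_DIR%\encrypted-files.txt"

rem Step 2: export. /x backs up the current user's EFS certificate and private
rem key to a .pfx file. cipher asks for confirmation and for a password that
rem protects the file; it appends the .pfx extension itself.
echo Exporting the EFS certificate and private key...
cipher /x "%PFX_BASE%"

rem Step 3: verify that the export exists before relying on it.
if not exist "%PFX_BASE%.pfx" (
    echo Export did not produce %PFX_BASE%.pfx.
    echo Do not reset this account's password until an export succeeds.
    exit /b 1
)

echo Export written to %PFX_BASE%.pfx
echo File inventory written to %BACKUP_DIR%\encrypted-files.txt
endlocal
```

The exported .pfx file contains the private key, so store it offline and protect it with a strong password. As stated above, it restores access to EFS-encrypted files only, not to saved credentials or other certificates.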
EFS Related Information
241201 HOW TO: Back Up Your Encrypting File System Private Key in Windows 2000