
Password Reset and EFS

Status
Not open for further replies.

rgzimmer

MIS
Aug 9, 2001
227
US
I have a user that loses access to his encrypted files every time he changes his password. This happens no matter what method he uses to change it.

- Gets the notice that his password is expiring so he changes it as prompted - breaks encryption

- Uses the change password option after pressing ctrl-alt-del - breaks encryption

- Changes password from the users admin - breaks encryption, as it states it will.

Anyone else have any experience with this? This is on a laptop that is not attached to a domain. Passwords are required to change every 43 days.
 
To enable changed password access to the recovery keys:

1. Install Windows XP SP1.

2. Use the Registry Editor to navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb.

3. Edit or add Value Name MasterKeyLegacyNt4Domain, a REG_DWORD data type, and set the data value to 1.
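The three steps above as a script, added here as an example and not part of the thread: it reports the service pack level and the current value first (audit mode), and only writes the REG_DWORD when run with -Apply from an elevated session. It assumes PowerShell is available on the machine.

```powershell
# Added example (not from the thread): audit, and optionally apply, the DPAPI
# MasterKeyLegacyNt4Domain switch described in the post above.
# Run from an elevated PowerShell session; assumes PowerShell is installed.
param([switch]$Apply)

$key  = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb'
$name = 'MasterKeyLegacyNt4Domain'

# Prerequisite from the post: SP1 must be installed. CSDVersion is empty on a pre-SP system.
$csd = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CSDVersion
Write-Host "Service pack level: $(if ($csd) { $csd } else { 'none' })"

# Report the current value without changing anything.
$current = $null
if (Test-Path $key) {
    $current = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).$name
}
Write-Host "$name is currently: $(if ($null -eq $current) { 'not present' } else { $current })"

if (-not $Apply) {
    Write-Host 'Audit only. Re-run with -Apply to set the value to 1.'
    return
}

# Create the provider key if it is absent, then write the REG_DWORD value of 1.
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name $name -Value 1 -Type DWord
Write-Host "$name set to $((Get-ItemProperty -Path $key).$name)"
```

Run it once without -Apply on the affected laptop and on a working one to compare the values before changing anything.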



 
I have 130 laptops deployed with the same config and this is the only one with this problem. I can recover the encrypted files just fine by changing the password back. I just don't want to keep doing that.

I also have the cert exported to a file in my possession just in case the account is irrecoverable. I don't send that file out, though, because it will invariably end up unencrypted on his laptop and therefore easily accessible by anyone who might steal the system.
 
bcastner,

Is there any documentation on what the patch fixes?

Thanks a bunch for your help!

 
You in fact should not have the issue if Service Pack 1 is installed.

It is possible a system restore point was used to revert to pre-SP1.

In any password change operation that uses an offline change (i.e. any password change that does not require entering the old password and then the new password), the EFS store will be affected. This is "by design."

For whatever reason the NT compatibility registry switches are not right on this particular laptop. As I said earlier, you can either make a simple registry edit or use the patch I linked earlier.

This is not a completely unknown phenomenon, and the changes I suggested in earlier posts will reverse the behavior.
 

Essentially it does what the registry entry I detailed earlier performs: it clarifies that the workstation is not receiving a policy demand to change the password from a Win2k GPO, and forces the registry to reflect a workstation in a Workgroup or NT4 Domain setting.
 