EFS, Credentials, and Private Keys from Certificates Are Unavailable After a Password Is Reset
Article ID: 290260
This article was previously published under Q290260
After you reset the password of an account on a Windows XP-based computer that is joined to a workgroup, you may lose access to the user's:
This issue can occur if the password was forcefully reset by an administrator or owner, instead of being changed by the user.
NOTE: For any of the following resolutions to work, the user's original account must still exist, and the user's profile must be present and unchanged since the user last had access to the data.
To recover all of the data, you must have one of the following:
To Completely Recover By Using the Original Password
To Completely Recover By Using the Password Recovery Disk
Recovering Access to Encrypted EFS Data
If you have encrypted some of your files by using the Encrypting File System (EFS), you have additional options to recover access to those encrypted files. The following provisions apply only to EFS encrypted files, and will not recover access to saved credentials or certificates.
If you have previously exported the user's EFS private key from the user's account, you may import the key back into the account and recover access to the encrypted files.
If you did not export the private key and you have defined a Data Recovery Agent (DRA) prior to encrypting the files, you may regain access to EFS files as the Data Recovery Agent. For additional information about how to recover data in this case, click the article number below to view the article in the Microsoft Knowledge Base:
255742 (http://support.microsoft.com/kb/255742/EN-US/ ) Methods for Recovering Encrypted Data Files
If you do not have the required items or information specified for the preceding recovery solutions, the data is permanently encrypted, and cannot be recovered.
The behavior that is described in this article is a security measure that protects the user's private information. A malicious administrator who can reset a user's password and thereby gain access to the user's account cannot access encrypted files or authentication materials without the user's knowledge or permission.
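The difference between a user-initiated change and a forced reset, as an added Python model that is not Microsoft's code or Windows' actual storage format. It assumes, for illustration, that the private data is protected by a key wrapped under a password-derived key; `Account`, `wrap` and `unwrap` are hypothetical names.

```python
import hashlib, hmac, os

def _kdf(password, salt, n=32):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, dklen=n)

def wrap(secret, password):
    # Toy construction (assumption): XOR pad plus HMAC tag, both derived from the password.
    salt = os.urandom(16)
    okm = _kdf(password, salt, 64)  # 32-byte pad + 32-byte integrity key
    ct = bytes(a ^ b for a, b in zip(secret, okm[:32]))
    return salt, ct, hmac.new(okm[32:], ct, hashlib.sha256).digest()

def unwrap(blob, password):
    # Returns None when the password is not the one the blob was wrapped under.
    salt, ct, tag = blob
    okm = _kdf(password, salt, 64)
    if not hmac.compare_digest(tag, hmac.new(okm[32:], ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, okm[:32]))

class Account:
    """Hypothetical account: a logon verifier plus a wrapped private-data key."""
    def __init__(self, password):
        self._set_logon(password)
        self.blob = wrap(os.urandom(32), password)

    def _set_logon(self, password):
        self.salt = os.urandom(16)
        self.verifier = _kdf(password, self.salt)

    def logon(self, password):
        return hmac.compare_digest(_kdf(password, self.salt), self.verifier)

    def unlock(self, password):
        return unwrap(self.blob, password)

    def change_password(self, old, new):
        # User-initiated change: the old password is supplied, so the key is re-wrapped.
        secret = unwrap(self.blob, old)
        if secret is None:
            return False
        self._set_logon(new)
        self.blob = wrap(secret, new)
        return True

    def admin_reset(self, new):
        # Forced reset: the old password is unknown, so only the logon verifier changes.
        self._set_logon(new)
```

In this model, after `admin_reset` the new password logs on but `unlock` returns `None`, while the password in use before the reset still unwraps the key.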
Before being allowed to reset a password, an administrator or owner of the computer is prompted with the following messages:
To avoid data loss because of a password reset in the future, create a password recovery disk to reset the password and have users change their own password while logged in.
To create a password recovery disk:
EFS Related Information
241201 (http://support.microsoft.com/kb/241201/EN-US/ ) HOW TO: Back Up Your Encrypting File System Private Key in Windows 2000