Error Message "Access Denied" When Starting a Recently Installed Program


When you attempt to start a program that was recently installed, you may receive an "Access Denied" error message. However, the administrator and Encrypting File System (EFS) recovery agents are able to start the program.

In addition, only the administrator and EFS recovery agents are able to use the Explorer bar on the desktop.


This issue can occur if the temporary folder was encrypted when the program or critical update was installed, or when a hotfix was applied. During the installation, if the temporary folder is encrypted, important files remain encrypted when they are moved out of the temporary folder and placed in public locations.


To resolve this issue, follow these steps:
  1. Log on as an administrator.
  2. Remove the encryption setting on the temporary folder.
  3. Reinstall the program or the critical update, or reapply the hotfix.
  4. Restore the encryption setting on the temporary folder.


This behavior is by design.

More Information

If you try to decrypt the file manually before you reinstall the program or the update, or reapply the hotfix, you may receive the following error message:
An error occurred when applying attributes to the file filename, the process cannot access the file because it is being used by another process
For security purposes, you can encrypt the temporary folder so that sensitive information that is stored in the folder is inaccessible to unauthorized persons. When you install programs or updates, it is recommended that you decrypt the temporary folder for the duration of the installation, and then encrypt it again after the installation is complete.

When you install a program, or install a security update, files are first extracted to the temporary folder. When the files are created in the temporary folder, if the encryption attribute is set, the files inherit this setting from the temporary folder. The files are then moved to their proper locations by the installation program. The files retain the encryption attribute when they are moved to their respective place in the operating system on the same hard disk.

Only EFS recovery agents are able to decrypt and use these files. The built-in administrator is the default EFS recovery agent.

For additional information about EFS, click the article numbers below to view the articles in the Microsoft Knowledge Base:
222054 Encrypting Files in Windows 2000
243035 How to Disable/Enable EFS on a Stand-Alone Windows 2000 Computer
255742 Methods for Recovering Encrypted Data Files
221997 Cannot Gain Access to Previously Encrypted Files on Windows 2000