To work around this behavior, configure the Windows XP SP1-based computer to encrypt files by using an algorithm that is supported by the other operating systems that access the files. To do so:
- Decrypt all the EFS encrypted files in Windows XP SP1.
- On the Windows XP SP1-based workstation, start Registry Editor.
- Locate and then click the following key in the registry:
- On the Edit menu, click Add Value, and then add the following registry value:Value name: AlgorithmID
Data type: REG_DWORD
Value data: Use any of the values from the following list:
- 3DES: 0x6603 (This value is compatible with Windows XP and later.)
- DESX: 0x6604 (This value is compatible with all versions of Windows 2000 and Windows XP.)
- AES_256: 0x6610 (This is the default value. It is compatible with only Windows XP SP1 and later.)
- Quit Registry Editor.
- Restart the Windows XP SP1-based workstation.
- Encrypt the files again using either operating system.
- The user encrypting the files.
- Any other users who are configured to use the file.
- Any configured recovery agents.
- Windows 2000 can only use the expanded Data Encryption Standard (DESX) algorithm for EFS encryption and decryption.
- Versions of Windows XP earlier than SP1 can only use the expanded DESX or the Triple-DES (3DES) algorithm for EFS encryption and decryption.
- Windows XP with SP1 or later can encrypt or decrypt files using DESX, 3DES, or AES.
For more information about the AES Cryptographic Provider in Windows, visit the following Microsoft Web sites:
Article ID: 329741 - Last Review: Nov 6, 2008 - Revision: 1