Logon Process Hangs After Encrypting Files on Windows 2000

This article was previously published under Q269397
This article has been archived. It is offered "as is" and will no longer be updated.
After you encrypt files on your Windows 2000-based computer, the computer may stop responding (hang) during the logon process. When this occurs, no users can log on to the computer.
This behavior can occur if the Autoexec.bat file in the root folder of the system drive has been encrypted.
To resolve this issue:
  1. Start the Windows 2000 Recovery Console.
  2. Type cd c:\, and then press ENTER.
  3. Type rename autoexec.bat autoexec.old, and then press ENTER.
  4. Type exit, and then press ENTER.
For additional information about Recovery Console, click the article number below to view the article in the Microsoft Knowledge Base:
229716 Description of the Windows 2000 Recovery Console
To prevent the Autoexec.bat file from becoming encrypted, use the following steps.

NOTE: These steps prevent all users from modifying the Autoexec.bat file unless an account with administrator rights is later used to change the access permissions.
  1. Log on to the computer by using an account with administrator access to the local computer.
  2. Double-click My Computer.
  3. Double-click the drive that contains your Windows 2000 installation.
  4. Right-click the Autoexec.bat file, and then click Properties.
  5. Click the Security tab.
  6. Click to clear the Allow inheritable permissions from parent to propagate to this object check box.
  7. In the Security dialog box that appears, click Remove.
  8. Click Add.
  9. In the Look-In box, click the name of the current computer.
  10. In the Name box, click System, and then click Add.
  11. Click OK.
  12. Verify that only the Read and Execute and Read permissions are selected.
  13. Click OK.
Some system files, such as the Autoexec.bat file, are processed before the user logon process is completed. If these files are encrypted, users cannot log on to the computer because Windows cannot gain access to the credentials that are required to decrypt the file until the user with the appropriate Encrypting File System (EFS) key has logged on.
dos attack

Article ID: 269397 - Last Review: 10/20/2013 23:53:39 - Revision: 3.2

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition

  • kbnosurvey kbarchive kbefs kbprb KB269397