HOW TO: Prevent Files from Being Encrypted When Copied to a Server (302093)


The information in this article applies to:

  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional SP2
This article was previously published under Q302093

IN THIS TASK

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SUMMARY

You may want to have files in an encrypted state by using the Windows 2000 Encrypting File System (EFS) feature, such as on a laptop computer, while still having the ability to copy these files in an unencrypted state to a central server to share with other users.

This article describes how to cause encrypted files that are copied to a particular Windows 2000-based computer to be stored on that computer in an unencrypted state.

back to the top

Copy Encrypted Files to a Server

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To prevent EFS files from being copied to a server in an encrypted format, follow these steps on the destination server:
  1. Click Start, and then click Run.
  2. Type regedit, and then click OK.
  3. Locate and click the following key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

  4. Delete the NtfsEncryptionService value from the FileSystem key.
  5. Restart the server.
This change has the following effects on the target server:
  • Files cannot be encrypted or decrypted with EFS on this server.
  • Client computers that copy EFS encrypted files to this server will cause the files to be stored in an unencrypted state on the server.
Note that under typical circumstances (when this registry change has not been made), you cannot copy EFS encrypted files to another Windows 2000-based computer that has not been trusted for delegation. You receive the error message "Access is denied. The source file may be in use." This behavior is by design.

back to the top

REFERENCES

To copy EFS encrypted files from one Windows 2000-based computer to another while maintaining the encryption state, the source computer must trust the destination computer for delegation. For additional information about trusting a computer for delegation and what this does, click the article number below to view the article in the Microsoft Knowledge Base:

266080 Answers to Frequently Asked Kerberos Questions

Modification Type:MinorLast Reviewed:1/27/2006
Keywords:kbEFS kbenv kbHOWTOmaster w2000efs KB302093 kbAudITPro
©2004 Microsoft Corporation. All rights reserved.