Logon Process Hangs After Encrypting Files on Windows 2000 (269397)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
This article was previously published under Q269397

SYMPTOMS

After you encrypt files on your Windows 2000-based computer, the computer may stop responding (hang) during the logon process. When this occurs, no users can log on to the computer.

CAUSE

This behavior can occur if the Autoexec.bat file in the root folder of the system drive has been encrypted.

RESOLUTION

To resolve this issue:
  1. Start the Windows 2000 Recovery Console.
  2. Type cd c:\, and then press ENTER.
  3. Type rename autoexec.bat autoexec.old, and then press ENTER.
  4. Type exit, and then press ENTER.
For additional information about Recovery Console, click the article number below to view the article in the Microsoft Knowledge Base:

229716 Description of the Windows 2000 Recovery Console

To prevent the Autoexec.bat file from becoming encrypted, use the following steps.

NOTE: These steps prevent all users from modifying the Autoexec.bat file unless an account with administrator rights is later used to change the access permissions.
  1. Log on to the computer by using an account with administrator access to the local computer.
  2. Double-click My Computer.
  3. Double-click the drive that contains your Windows 2000 installation.
  4. Right-click the Autoexec.bat file, and then click Properties.
  5. Click the Security tab.
  6. Click to clear the Allow inheritable permissions from parent to propagate to this object check box.
  7. In the Security dialog box that appears, click Remove.
  8. Click Add.
  9. In the Look-In box, click the name of the current computer.
  10. In the Name box, click System, and then click Add.
  11. Click OK.
  12. Verify that only the Read and Execute and Read permissions are selected.
  13. Click OK.

MORE INFORMATION

Some system files, such as the Autoexec.bat file, are processed before the user logon process is completed. If these files are encrypted, users cannot log on to the computer because Windows cannot gain access to the credentials that are required to decrypt the file until the user with the appropriate Encrypting File System (EFS) key has logged on.
Modification Type:MajorLast Reviewed:11/20/2003
Keywords:kbEFS kbprb w2000efs KB269397
©2003 Microsoft Corporation. All rights reserved.