Sysprep.exe May Re-Enable the Encrypting File System (294844)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
This article was previously published under Q294844 SYMPTOMS
When you disable Encrypting File System (EFS) on a Windows 2000-based computer, EFS may become re-enabled.
CAUSE
Computers that are not a member of a domain may have EFS re-enabled if the Sysprep.exe tool has been run on the computer to prepare the computer for deployment. EFS may also be re-enabled if the computer joins a Windows 2000 domain and the domain group policy object (GPO) has specified Encrypted Data Recovery agents.
RESOLUTION
Use the steps in the following Microsoft Knowledge Base article to disable EFS on a stand-alone computer:
243035 How to Disable/Enable EFS on a Stand-Alone Windows 2000 Computer
Use the steps in the following Microsoft Knowledge Base article to disable EFS on a domain:
222022 Disabling EFS for All Computers in a Windows 2000-Based Domain
MORE INFORMATION
When Sysprep.exe is run on a stand-alone computer, it will automatically reset the default recovery policy during the mini-Setup wizard that makes the local administrator the default recovery agent for the computer.
| Modification Type: | Major | Last Reviewed: | 11/20/2003 |
|---|
| Keywords: | kbenv kbprb kbui KB294844 |
|---|
|