The Windows XP EFS (Encrypting File System) does NOT support the recovery functionality for members of a Windows NT domain, unlike a Windows 200x domain. In a Windows 200x domain, the recovery mechanism is domain based and NOT located on the workstation.
NOTE: After a password change, you may have to change your password back to the one used to encrypt the file to recovery an encrypted file.
To enable changed password access to the recovery keys:
1. Install Windows XP SP1.
2. Use the Registry Editor to navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb.
3. Edit or add Value Name MasterKeyLegacyNt4Domain, a REG_DWORD data type, and set the data value to 1.