JSI Tip 6371. Windows XP clients in a Windows NT 4.0 domain may lose access to encrypted files if they use a roaming profile or change their password?

The Windows XP EFS (Encrypting File System) does NOT support the recovery functionality for members of a Windows NT domain, unlike a Windows 200x domain. In a Windows 200x domain, the recovery mechanism is domain based and NOT located on the workstation.

NOTE: After a password change, you may have to change your password back to the one that was in use when the file was encrypted in order to recover an encrypted file.

To enable access to the recovery keys after a password change:

1. Install Windows XP SP1.

2. Use the Registry Editor to navigate to:


3. Edit or add Value Name MasterKeyLegacyNt4Domain, a REG_DWORD data type, and set the data value to 1.

