Marlan said:
Thank you very much for the reply. But no, I'm not on a domain; this is
for all intents and purposes a standalone machine.
I had looked over stuff in Group Policy, but didn't see anything that I
thought would affect this. Any idea what specific setting(s) would
cause this? Unless I missed something, everything under Computer
Configuration > Administrative Templates is "Not configured" on my
system, except for some options under Terminal Services.
Hi
But this one is not a ordinary entry in gpedit.msc
1.. In the Group Policy Object Editor, expand Computer Configuration,
expand Windows Settings, expand Security Settings, expand Public Key
Policies, and then click Encrypting File System.
2.. Right-click Encrypting File System, and then click Properties.
3.. There you will find a "Allow users to encrypt files using Encrypting
File System (EFS)" check box.
Anyway, using encryption is overkill in many cases, and also "dangerous",
at least when using EFS to do it.
It is not without reason that many calls EFS the "delayed Recycle Bin",
and I advise people to not use EFS unless they are in a domain. Several
times a week posts cries for help in the newsgroups after having lost
their encrypted files, some even if they exported their keys/certs.
To many thing can go wrong in a non-domain environment.
From a previous posting of mine in the
microsoft.public.windowsxp.security_admin newsgroup:
Read and understand the information in the links below before you start
using Encrypting File System (EFS), or you will very likely loose your
files one time in the future:
Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/CryptFS.asp
(58 pages, will also tell the differences between Win2k and WinXP
regarding EFS)
also gives information/links on to how to export keys, e.g.
"Data Recovery on Standalone Machines"
Under "Knowledge Base Articles on EFS" you will find e.g.
241201 How to Back Up Your Encrypting File System Private Key
259732 EFS Recovery Agent Cannot Export Private Keys
255742 Methods for Recovering Encrypted Data Files
Reading 255742, will give you this as well:
241201 HOW TO: Back Up Your Encrypting File System Private Key in
Windows 2000
242296 How to Restore an EFS Private Key for Encrypted Data Recovery
If your computer is not a member of an AD domain, this part of the
document is obligatory reading:
"Using EFS with Standalone Machines or NT 4.0 Domains"