Just after i reset my password

[Samer]

I'm using Microsoft XP os, and have encrypted some of my
files on the computer,from the Administration account.
After that I have reset my password two times for my
account ,and tried it.But after that, I had surprised
that I cannot open any of my Encrypted files , it say's :
* Access Denied (for txt files)
*Windows cannot access the specified file. You may not
have the appropriate permissions to access the item.

I had tried to access those files from all the accounts
in my computer but this didn't work.I read some of the
help files about certifications and public and private
keys and recovery agents,but I could not do anything of
this because I don't know what and how to do it exactly.
I will be very appreciated if you could tell me how can I
recover my files back,is there any method to do this.I
still have the userkey file created from the second
password reset dist wizard.

 

[Roger Abell]

Reset the password back to what it was when EFS
last was able to access the files.
In the future never reset passwords, but rather you
must use the change password capability (the one
available in any account) rather than the reset capability
(available only in admin accounts).
This is a documented behavior of EFS, an added security
feature designed into XP to get rid of a vulnerability around
EFS in the W2k implementation. For this reason the ability
to make password recovery disks was also provided in XP.
Use this, it is there for a reason.

 

[Jupiter Jones [MVP]]

To add a little to what Roger stated...
EFS is very good at what it does and there is no back door.
Read and understand these links before using EFS to keep from
permanently losing your data:
http://www.microsoft.com/windowsxp/pro/techinfo/administration/recovery/default.asp
(58 pages)
http://support.microsoft.com/?id=223316

 

[Roger Abell]

Thanks Jupiter,
And anyone using EFS should be familiar with the
docs you have referenced.
EFS is indeed good at what it is designed to do,
and just to clarify a little further, what this person
ran into is not EFS but a behavior of DPAPI, something
that EFS uses to store its secrets. We all know how easy
some tools make it to slap a different password onto a
machine local account. What good would EFS be if all
one had to do was log in with the associated account ?
Using DPAPI effectively makes it so that one has to log
in with the correct account using the correct password.
This is a great improvement over W2k.