Sysprep.exe May Re-Enable the Encrypting File System

Article translations Article translations
Article ID: 294844 - View products that this article applies to.
This article was previously published under Q294844
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all


When you disable Encrypting File System (EFS) on a Windows 2000-based computer, EFS may become re-enabled.


Computers that are not a member of a domain may have EFS re-enabled if the Sysprep.exe tool has been run on the computer to prepare the computer for deployment. EFS may also be re-enabled if the computer joins a Windows 2000 domain and the domain group policy object (GPO) has specified Encrypted Data Recovery agents.


Use the steps in the following Microsoft Knowledge Base article to disable EFS on a stand-alone computer:
243035 How to Disable/Enable EFS on a Stand-Alone Windows 2000 Computer
Use the steps in the following Microsoft Knowledge Base article to disable EFS on a domain:
222022 Disabling EFS for All Computers in a Windows 2000-Based Domain


When Sysprep.exe is run on a stand-alone computer, it will automatically reset the default recovery policy during the mini-Setup wizard that makes the local administrator the default recovery agent for the computer.


Article ID: 294844 - Last Review: October 23, 2013 - Revision: 3.2
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
kbnosurvey kbarchive kbenv kbprb kbui KB294844

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from