
close
close
How can I disable EFS on Computers Running Windows 2000?
To disable EFS on computers running Windows 2000, you must remove the default data recovery agent from the computer. This restriction is removed in Windows XP and Windows Server 2003 to help prevent security attacks on computers that are not members of a domain.
The following procedure will show you how to use Group Policy to disable EFS for all computers running Windows 2000 in a Windows Server 2003 domain.
Note: Before you remove the certificate for the default domain recovery agent, you should back up the certificate by exporting it to a file.
This will export the default EFS recovery certificate for the domain to a file. Store this file on removable media such as a floppy disk, and then store the media in a secure location.
advertisment
This will delete the default EFS recovery certificate for the domain.
Important: Deleting the EFS recovery agent for the domain will prevent users on computers running Windows 2000 from encrypting files; however, it will not prevent users on computers running Windows XP and Windows Server 2003 from encrypting files. In addition, it will disable the recovery agent for all encrypted files. If users who have previously encrypted files are unable to decrypt their files for any reason, there will be no recovery agent to decrypt their files.
You might also want to read the following related articles:
More in Security
QNAP Releases Patch to Fix PHP Security Flaw Affecting Select NAS Devices
Jun 23, 2022 | Rabia Noureen
Microsoft Unveils New Edge Secured-Core IoT Devices to Block Firmware Attacks
Jun 22, 2022 | Rabia Noureen
Microsoft Defender for Individuals is Now Available on Desktop and Mobile
Jun 16, 2022 | Rabia Noureen
Most popular on petri