Search the Petri IT Knowledgebase

The Unofficial M365 Changelog

Sponsors

Podcasts

Learning Center
search icon

close

Icon for Latest Whitepaper

Latest Whitepaper

Choosing an MFA Solution for Your Active Directory Environment? Ask These 15 Questions.
Icon for On-Demand Webinar

On-Demand Webinar

Maximizing Your Microsoft E5 Security Solutions
Icon for LIVE CONFERENCE TODAY!

LIVE CONFERENCE TODAY!

GET-IT Microsoft Cloud Security and Compliance 1-Day Virtual Conference
Icon for Ebook

Ebook

The Forrester New Wave™: SaaS Application Data Protection, Q4 2021

Home

Security

Disable EFS in Windows 2000

Daniel Petri

 |

Jan 8, 2009

How can I disable EFS on Computers Running Windows 2000?
To disable EFS on computers running Windows 2000, you must remove the default data recovery agent from the computer. This restriction is removed in Windows XP and Windows Server 2003 to help prevent security attacks on computers that are not members of a domain.
The following procedure will show you how to use Group Policy to disable EFS for all computers running Windows 2000 in a Windows Server 2003 domain.
Note: Before you remove the certificate for the default domain recovery agent, you should back up the certificate by exporting it to a file.

  1. Open the Default Domain Policy GPO. You can use Active Directory Users and Computers or the GPMC to edit the GPO.
  2. In the Group Policy Object Editor, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Public Key Policies, and then click Encrypting File System.
  3. In the details pane, right-click Administrator, point to All Tasks, and then click Export. Complete the Certificate Export Wizard to export the Administrator’s EFS recovery certificate.

This will export the default EFS recovery certificate for the domain to a file. Store this file on removable media such as a floppy disk, and then store the media in a secure location.

advertisment

  1. In the details pane, right-click Administrator, and then click Delete.

This will delete the default EFS recovery certificate for the domain.

  1. In the Certificates window, click Yes to permanently delete the certificate.

Important: Deleting the EFS recovery agent for the domain will prevent users on computers running Windows 2000 from encrypting files; however, it will not prevent users on computers running Windows XP and Windows Server 2003 from encrypting files. In addition, it will disable the recovery agent for all encrypted files. If users who have previously encrypted files are unable to decrypt their files for any reason, there will be no recovery agent to decrypt their files.

Related articles

You might also want to read the following related articles:

More from Daniel Petri

Microsoft's Blunder: Upgrade to Office 2016 and Lose Skype for Business

Windows 10 Ignoring the Hosts File for Specific Name Resolution

Resolving "Namespace is already defined' Group Policy Error in Windows 10

advertisment

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

advertisment

More in Security

Security

CISA Warns Unpatched VMware Servers Remain Vulnerable to Log4Shell

Jun 24, 2022 | Rabia Noureen

Network Security

QNAP Releases Patch to Fix PHP Security Flaw Affecting Select NAS Devices

Jun 23, 2022 | Rabia Noureen

Cloud Computing and Security

Microsoft Unveils New Edge Secured-Core IoT Devices to Block Firmware Attacks

Jun 22, 2022 | Rabia Noureen

Security

QNAP Warns NAS Users About New DeadBolt Ransomware Campaign

Jun 20, 2022 | Rabia Noureen

Security

Microsoft Defender for Individuals is Now Available on Desktop and Mobile

Jun 16, 2022 | Rabia Noureen

Microsoft logo

Microsoft Acquires Foreign Cyber Threat Analysis Company Miburo

Jun 15, 2022 | Rabia Noureen

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Contact Us

Advertising

About Us

Media Kit

Learn More

Podcasts

Learning Center

Webinars

Sitemap

Windows

Cloud

Office 365

Servers

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy