Cannot Gain Access to Microsoft Encrypted File Systems

ID: Q243850

The information in this article applies to:

Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server

SYMPTOMS

If you log on to a server using a mandatory or roaming profile, you may experience one or more of the following behaviors:

You are not able to use the Microsoft Management Console (MMC) tool to enroll for a certificate.
You are not able to communicate with the logon server that contains the profile.
You are not able to gain access to Microsoft Encrypted File Systems or encrypt new files or folders.

STATUS

This behavior is by design.

MORE INFORMATION

When you log on using a mandatory profile, you do not have permissions to generate new public or private keys. When you log off, these keys are lost, because you you do not have permissions to permanently modify the profile. You would not be able to gain access to any data that you were able to encrypt.

To prevent this problem, Windows 2000 returns the NTE_TEMPORARY_PROFILE error message when you attempt to generate a new key and you are using a mandatory or cached local temporary profile.

For additional information on EFS, click the article numbers below to view the articles in the Microsoft Knowledge Base:

Q230520 How to Encrypt Data Using EFS in Windows 2000

Q223316 Best Practices for Encrypting File System

For additional information on Windows NT 2000 Security Services, including Private and Public Certificates, please visit the following Microsoft Web site:

http://www.microsoft.com/NTServer/security/deployment/training/seminars.asp

Additional query words: Certificates, public/private keys

Keywords : kbnetwork ntdomain ntsecurity
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbprb