Windows XP does not store passwords with reversible encryption by default, and the Protected Storage service which stores saved passwords for web sites, network shares, and files encrypted with the encrypting file system on NTFS depends on the user's password.

As a result, passwords and EFS documents are lost if an administrator resets a Windows XP password, as there is no way to retrieve the original password. This may also happen in a Windows NT or Windows 2000 computer or domain if reversible encryption for passwords is disabled.

To avoid this, users should change their own passwords so the Protected Storage service can re-write stored passwords and EFS keys with the new password. But if an administrator must reset a user's password, the user can still recover their saved passwords and EFS files with a password reset disk.

Microsoft's Knowledge Base articles 305478 and 306214 provide instructions for using a password reset disk. For stand-alone computers, create a password reset disk by clicking "Prevent a Forgotten Password" when you choose a password in the User Accounts control panel. If a password is reset, the user can log on to the computer using the password reset disk instead of the old password, and they may choose a new password shortly after.


Log in or register to write something here or to contact authors.