T 4.55 Data loss relating to password resets in Windows Server 2003/XP and higher

Starting with Windows XP and Windows Server 2003, the operating system protects the private keys of local user accounts against use by administrators. A "local user account" is an account whose user name and password are stored on, and can only be used on, the computer in question. In earlier Windows versions an administrator could reset the password of a local user account, log on as that user and then export and use the user's private keys. From Windows XP/Server 2003 onwards, the private keys stored for such an account (EFS keys and all other keys protected by the Data Protection API) become unusable as soon as an administrator resets the password: the keys are not physically removed, but they are encrypted under a key derived from the user's password, and an administrative reset, unlike a password change performed by the user with knowledge of the old password, does not carry that protection over to the new password. This behaviour makes it possible to hide highly confidential information even from administrators. However, if no backup copy of the keys was made beforehand, all private keys of the account are lost after an administrative password reset, and encrypted data in e-mails and files can no longer be accessed. Domain accounts are not affected in the same way, because their key material can be recovered via the domain; the loss concerns local accounts, and for these it can only be avoided by a backup of the keys, by the user changing the password themselves, or by a password reset disk created before the reset.

This behaviour can also lead to the loss of the private key of the recovery agent for the Encrypting File System (EFS) if the recovery agent was assigned to a local user account and the private key is held only in that account's profile. A recovery agent is then still configured in the EFS policy, but since the keys of the underlying account can no longer be accessed, the situation is equivalent to having no recovery agent at all. Users who have lost access to their own keys at the same time then lose their data irrecoverably.
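The following PowerShell script is an added example and is not part of the IT-Grundschutz text. It shows the three safeguards the two paragraphs above imply: backing up a local user's EFS key before any administrative reset, changing a password (which keeps the DPAPI-protected keys usable) instead of resetting it, and keeping the recovery agent's private key outside any user profile. The local user name "alice", the folders D:\backup and D:\dra, and the use of Export-PfxCertificate/Import-PfxCertificate (PKI module, Windows 8/Server 2012 and later; on Windows XP/2003 "cipher /x" serves the same purpose) are assumptions made for the example.

```powershell
# Added example, not the catalogue's own text. Assumes local user "alice",
# existing folders D:\backup and D:\dra, and the PKI module.

# ---- 1. Back up the EFS certificate(s) and private key(s) of the current user.
# Run as the user whose files are encrypted. After an administrative password
# reset, this PFX is the only way to get the key (and the files) back.
$efsEku = '1.3.6.1.4.1.311.10.3.4'   # OID "Encrypting File System"
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $efsEku })
}
if (-not $efsCerts) {
    Write-Warning "No EFS certificate with private key in the store of $env:USERNAME"
} else {
    $pfxPassword = Read-Host -AsSecureString 'Password for the PFX backup'
    foreach ($cert in $efsCerts) {
        $pfx = Join-Path 'D:\backup' "efs-$env:USERNAME-$($cert.Thumbprint).pfx"
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $pfxPassword | Out-Null
        Write-Host "EFS key backed up to $pfx - keep it offline, not in the profile"
    }
}

# Which files depend on this key? "/u /n" lists encrypted files without
# rewriting them, so the scope of a potential loss is visible before a reset.
cipher /u /n

# ---- 2. Change the password instead of resetting it.
# ChangePassword proves knowledge of the old password, so Windows re-protects
# the DPAPI master keys and the EFS key stays usable. SetPassword (like
# "net user alice *") is the administrative reset that leaves the keys unreadable.
$user = [ADSI]"WinNT://$env:COMPUTERNAME/alice,user"
$old  = Read-Host 'Current password of alice'
$new  = Read-Host 'New password for alice'
$user.ChangePassword($old, $new)   # keys survive
# $user.SetPassword($new)          # reset: EFS/DPAPI keys become unusable

# ---- 3. Recovery agent: private key in a file, not in a local user's profile.
# cipher /r writes the DRA certificate (.cer) and its private key (.pfx) to
# files. Import only the .cer into the EFS policy and store the .pfx offline;
# a reset of any local account then cannot take the recovery key with it.
cipher /r:D:\dra\efs-recovery-agent
# -> D:\dra\efs-recovery-agent.cer and D:\dra\efs-recovery-agent.pfx

# ---- 4. Restore after a reset has already happened (run as the affected user).
# Only works if step 1 or a cipher /x backup was done before the reset.
# Import-PfxCertificate -FilePath 'D:\backup\efs-alice-<thumbprint>.pfx' `
#     -CertStoreLocation Cert:\CurrentUser\My -Password $pfxPassword
```

Step 1 and step 4 are the two halves of the safeguard the first paragraph calls for; step 2 is the administrative practice that avoids the loss altogether for users who still know their password; step 3 addresses the recovery-agent case from the second paragraph.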