A. Because a machine in a domain uses the domain policy for recovery if the domain does not support EFS (such as a 3.51 or 4.0 domain) EFS is disabled. To get around this perform the following:

  1. Remove the Windows 2000 computer from the Windows NT 4.0 domain.
  2. From the command prompt, type:
    secedit /refreshpolicy machine_policy /enforce
  3. Rejoin the Windows 2000 computer to the Windows NT 4.0 domain.