If you wish to disable EFS on a computer that is not a member of a Windows 2000 domain:

01. Log on using the built-in Administrator account.

02. Start / Run / secpol.msc / OK.

03. Press the plus sign (+) next to Public Key Policies and press Encrypted Data Recovery Agents.

04. Right-click the file recovery certificate that is issued to Administrator and press All tasks / export.

05. Press Next.

06. Select No, do not export the private key and press Next.

07. Select the DER Encoded Binary X.509 (.CER) option and press Next.

08. Enter a filename when prompted and press Next.

09. Verify the options that you select and press Finish.

10. Press OK when the export was successful dialog is displayed.

11. Start / Run / secpol.msc / OK.

12. Press the plus sign (+) next to Public Key Policies and press Encrypted Data Recovery Agents.

13. Right-click the file recovery certificate that is issued to Administrator and press Delete.

14. When prompted to Permanently delete the selected certificate, press Yes.

15. Close the MMC and retart your computer.

If you wish to enable EFS after performing the above 15 steps:

01. Log on using the built-in Administrator account.

02. Start / Run / secpol.msc / OK.

03. Press the plus sign (+) next to Public Key Policies.

04. Right click Encrypted Data Recovery Agents and press Add.

05. Press Next and Browse Folders.

06. Open the certificate that you exported in step 08 above. Don't worry that the users is USER_UNKNOWN.

07. Press Next and Finish.

08. Press OK to The certificate cannot be validated message and press OK.