Commenting on the loss of user data below: I don't think this is a critical issue. By default Win2K/XP adds the local Administrator as a Encrypted Data Recovery Agent. So while the pain-in-the-arse factor is there of needing to reset the password via the admin account, any encrypted data won't be lost due to loss of private key. The Administrator can still recover the data, then the user can re-encrypt it with his/her new credentials. Geoff Sweet Systems Engineer World Vision (www.worldvision.org) II. Problem with reset password disk Windows XP introduced a new feature - "Password Reset Disk", which can be used to recover user account and personalized computer settings if a user forgets his password. The problem is that in certain conditions (Minimum password age <> 0) user may not be able to reset his password using above mentioned disk and the only solution is the reset password feature available to the Administrator. First, make sure the "Minimum password age" policy is set to a value other than 0. Now, supposing the user forgets his password before it's age expires, he will not be able to reset it with the disk until the password expires. What's more, changing password by an Admnistrator using MMC or control panel (in other words - GUI) leads to user data loss (i.e. EFS files) because of private key loss. The only solution seems to be "net user" command issued by an administrator.
