Troubleshoot encrypted files and folders

Here are solutions to some common problems with encrypted files and folders.

Show all

I want to encrypt a file, but the Advanced button is not on the Properties dialog box.

Encrypting File System (EFS) only works on computers that use the NTFS file system. If the file you want to encrypt is on a volume that uses the FAT or FAT32 file system, you need to convert the volume to NTFS to make the Advanced button appear. For more information, see Convert a hard disk or volume to NTFS format.

When I tried to open an encrypted file, I was denied access.

The file was encrypted using a key that is either not on your computer or has not been imported. If you transferred the file from another computer, you need to get the key from that computer. If the file was encrypted by someone else, that person will need to add your certificate to the file before you can access it. See Share encrypted files for instructions about sharing encrypted files with another person.

When I was encrypting a file, I got this message: "Recovery policy configured for this system contains invalid recovery certificate."

This means that one or more of the recovery agent certificates on the computer are expired. To encrypt the file, you have to renew the certificate. If your computer is on a domain, contact the system administrator.

I can't open my files after transferring them to a different computer.

Your encrypted files and EFS certificate and key can be migrated from a computer running Windows 2000 or Windows XP to this version of Windows, or from one computer running this version of Windows to another computer running this version of Windows using the Windows Easy Transfer wizard. The first time that you log on to Windows after the migration, you might be prompted to provide your password from the old computer to update the files that you transferred to your new account. The EFS certificate and key are included in the files. If you cancel the prompt or do not provide the correct password, you will not be able to open the encrypted files that were transferred.

You can still recover the files by importing the EFS certificate and key that was used on your old computer. For more information, see Recover encrypted files or folders. You can also recover the files by following these steps:

  1. Open the Command Prompt window by clicking the Start button Picture of the Start button, clicking All Programs, clicking Accessories, and then clicking Command Prompt.

  2. Type dpapimig.exe, and then press Enter.

  3. Type the password that you used on your old computer, and then click Confirm my account information and update content protection.

    You should be able to open your files.


  • Windows Easy Transfer does not transfer EFS certificates and keys from Windows 2000 computers. If your transfer is from a computer running Windows 2000, you must export your EFS certificate and key from the computer running Windows 2000, and then import that certificate and key to your profile on the computer running this version of Windows.