Windows 11 users cannot access encrypted files when working remotely


Windows 11 users can access their encrypted files while connected to the corporate domain network, but cannot open the same files when working remotely.

How to identify the problem

The problem appears after a Windows 11 user's Active Directory password has been changed and the device is then rebooted whilst it is not connected to the corporate domain network.

When the user opens an encrypted file, an error message appears: "You do not have permission to open this file."

What caused this problem?

When a device encrypts data for the first time, an encryption certificate is issued to secure the files. As part of this process, a DPAPI MasterKey, which is based on the user's current password, is created. During the creation of the DPAPI MasterKey, an attempt is made to back up this master key by contacting your domain controller. 

In older operating systems (like Windows 10), if the client fails to contact a domain controller during the backup of the MasterKey, the creation of the master key is still allowed, and a local backup is created.

A bug in Windows 11 prevented this fallback behaviour and instead required the MasterKey to be available on the domain controller.

How do I resolve this problem?

Microsoft released the KB5017328 update on 13 September 2022 to address this issue. Install the Windows update that is listed as "Cumulative Update for Windows 11 for x64-based Systems (KB5017328)". 

Check if the problem has been fixed

Disconnect from the network and restart the device. Log into the device without a network connection and attempt to access encrypted files. The files should be accessible.


Users may need to connect their devices to the domain network at least once before restarting so that the issue can be resolved.
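
The following read-only PowerShell check is an added example, not part of the original article or of Microsoft's guidance. Run as the affected user, it reports whether KB5017328 is listed and which DPAPI master keys exist for that user. It assumes the standard per-user DPAPI store under %APPDATA%\Microsoft\Protect\<SID> and the usual layout of its Preferred file, neither of which is described in the article.

```powershell
# Added example: read-only diagnostic, run in the affected user's session.
$kb = 'KB5017328'   # update named in this article

# Later cumulative updates supersede this one, so a miss here does not prove the fix is absent.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# Assumption: per-user DPAPI master keys live under %APPDATA%\Microsoft\Protect\<user SID>.
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$dir = Join-Path $env:APPDATA "Microsoft\Protect\$sid"

# Master key files are hidden/system and named with a GUID, so -Force is needed to list them.
$guidPattern = '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
$keys = @(Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
    Where-Object Name -Match $guidPattern |
    Sort-Object LastWriteTimeUtc)

# Assumption: 'Preferred' holds the current master key GUID (16 bytes) and a FILETIME expiry (8 bytes).
$prefGuid = $null
$prefExpiry = $null
$prefPath = Join-Path $dir 'Preferred'
if (Test-Path -LiteralPath $prefPath) {
    $bytes = [System.IO.File]::ReadAllBytes($prefPath)
    if ($bytes.Length -ge 24) {
        $prefGuid = ([Guid]::new([byte[]]$bytes[0..15])).ToString()
        $prefExpiry = [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($bytes, 16))
    }
}

# Only file names and timestamps are reported; no key material is read or decrypted.
[pscustomobject]@{
    HotfixListed       = [bool]$hotfix
    MasterKeyCount     = $keys.Count
    NewestMasterKey    = if ($keys.Count) { $keys[-1].Name } else { $null }
    NewestWrittenUtc   = if ($keys.Count) { $keys[-1].LastWriteTimeUtc } else { $null }
    PreferredGuid      = $prefGuid
    PreferredExpiryUtc = $prefExpiry
    PreferredKeyOnDisk = [bool]($prefGuid -and ($keys.Name -contains $prefGuid))
}
```

Compare NewestWrittenUtc with the date of the user's last password change: a preferred master key that exists on disk and was written after the change indicates that key creation succeeded.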