Using the Encryptable File System (EFS)

Using the Encryptable File System (EFS)
Last Updated: 14 Aug 2004
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***


Windows 2000, XP and 2003 all support EFS, or the
Encryptable File System.  This introduces native, secure
file-level encryption to Windows via the NTFS file system.

EFS is powerful, but more importantly it is dangerous if
one does not understand all of the concepts involved,
particularly Key Recovery.

It is very important that Key Recovery be performed PRIOR
to deploying EFS, if you want to have a good chance at
recovery in the event of a problem (such as a formatted OS
partition).

Here are some guides to using EFS:

• http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
• http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prnb_efs_qutx.asp
• http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/efsguide.mspx
• http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sharefilesefs.mspx
• http://www.microsoft.com/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_yzfa.asp


KEY RECOVERY PRECAUTIONS

• http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prnb_efs_unwq.asp
• http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx#XSLTsection126121120120


EFS DATA RECOVERY

• http://www.microsoft.com/resources/documentation/windowsserv/2003/standard/proddocs/en-us/sag_seconceptsimprecover.asp
• http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_seconceptsimprecover.mspx
• http://support.microsoft.com/?KBID=223316
• http://support.microsoft.com/?KBID=290260
• http://support.microsoft.com/?KBID=255742


WHITEPAPERS & TECH DOCUMENTS

• http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
• http://www.ntfs.com/internals-encrypted-files.htm


PERSONAL NOTES

• Aug 2004: Pay special attention to Key Recovery. This
  cannot be emphasized enough.


RELATED TOPICS (ALSO IN THIS ARCHIVE)

• http://KB.UltraTech-llc.com/?File=FileSys.TXT
• http://KB.UltraTech-llc.com/?File=Passwords.TXT
• http://KB.UltraTech-llc.com/?File=Perms.TXT
• http://KB.UltraTech-llc.com/?File=Security.TXT
• http://KB.UltraTech-llc.com/?File=SetPerms.TXT
• http://KB.UltraTech-llc.com/?File=UserAcct.TXT
• http://KB.UltraTech-llc.com/?File=UserMgr.TXT
• http://KB.UltraTech-llc.com/?File=Utils.TXT
• http://KB.UltraTech-llc.com/?File=Windows.TXT