Encrypting File System

Encrypting File System (EFS) is a new feature in Microsoft® Windows® 2000. EFS protects sensitive data in files that are stored on disk using the NTFS file system. It uses symmetric key encryption in conjunction with public key technology to provide confidentiality for files. It runs as an integrated system service, which makes EFS easy to manage, difficult to attack, and transparent to the file owner and to applications. Only the owner of a protected file can open the file and work with it, just as with a normal document. Others are denied access to the protected file. However, recovery administrators (whom you can designate) have the ability to recover protected files if that becomes necessary.

In This Chapter

Introduction to EFS

Planning EFS Implementation

Recovery Policy

Certificates

Administrative Procedures

Using the System Key

Printing EFS Files

Troubleshooting EFS