Introduction to using Encrypting File System

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2


Encrypting File System (EFS) allows users to store their on-disk data in encrypted format.

Encryption is the process of converting data into a format that cannot be read by another user. Once a user has encrypted a file, the file automatically remains encrypted whenever the file is stored on disk.

Decryption is the process of converting data from encrypted format back to its original format. Once a user has decrypted a file, the file remains decrypted whenever the file is stored on disk.

EFS provides the following features:

  • Users can encrypt their files when storing them on disk. Encryption is as easy as selecting a check box in the file's Properties dialog box.

  • Accessing encrypted files requires no extra steps. EFS decrypts the data as it is read from disk, so the user sees plaintext.

  • Encryption of data is accomplished automatically, and is completely transparent to the user.

  • Users can actively decrypt a file by clearing the Encryption check box on the file's Properties dialog box.

  • Administrators can recover data that was encrypted by another user. This ensures that data remains accessible if the user who encrypted it is no longer available or has lost their private key.
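The encrypt, transparent-read and decrypt cycle described in the list above, as an added PowerShell example that is not part of the original article. It assumes a Windows host with an NTFS volume, a user account that has (or can create) an EFS certificate, and PowerShell installed; the file name and its contents are constructed for the demonstration.

```powershell
# Added example: exercise EFS from PowerShell on a constructed sample file.
$path = Join-Path $env:TEMP 'efs-demo.txt'
Set-Content -LiteralPath $path -Value 'constructed sample data' -Encoding ASCII

function Test-EfsEncrypted {
    param([string]$File)
    # EFS sets the Encrypted file attribute; it persists with the file on disk.
    $attrs = (Get-Item -LiteralPath $File).Attributes
    return [bool]($attrs -band [System.IO.FileAttributes]::Encrypted)
}

function Get-EfsEncryptedFiles {
    param([string]$Root)
    # Inventory of encrypted files under a folder, e.g. to confirm a recovery
    # agent covers them before an employee leaves.
    Get-ChildItem -LiteralPath $Root -Recurse -File |
        Where-Object { Test-EfsEncrypted $_.FullName } |
        Select-Object -ExpandProperty FullName
}

# Same effect as selecting the encryption check box in the file's Properties.
[System.IO.File]::Encrypt($path)
"Encrypted after Encrypt(): {0}" -f (Test-EfsEncrypted $path)

# Access is transparent: the user who encrypted the file reads plaintext.
Get-Content -LiteralPath $path

# Same effect as clearing the check box.
[System.IO.File]::Decrypt($path)
"Encrypted after Decrypt(): {0}" -f (Test-EfsEncrypted $path)

Remove-Item -LiteralPath $path
```

Running `Get-EfsEncryptedFiles -Root 'C:\Users'` as an administrator lists files whose Encrypted attribute is set without decrypting any of them, since the attribute check needs only file metadata.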

EFS encrypts data only while it is stored on disk. To encrypt data as it is transported over a TCP/IP network, two optional features are available: Internet Protocol security (IPSec) and Point-to-Point Tunneling Protocol (PPTP) encryption.