Security

To provide EFS security for user data on a portable computer, do the following:

  • Make sure the user's My Documents folder is empty, and then apply EFS protection to this folder. As a result, all new files that are stored in the EFS-protected folder are encrypted, and all new subfolders that are created in the EFS-protected folder are protected. Users can create as many folders in My Documents as they need. If you add encrypted files to the folder, the user cannot read those files.

  • Apply EFS protection to the temporary folders that are used by applications. Applications work only with plaintext because EFS operates in the background. If EFS protection is not applied to the folders where the temporary files are stored, applications can save their temporary files as plaintext in those folders. You can also configure applications to store temporary files in EFS-protected folders.

  • Configure NTFS file system ACLs to prevent users from creating non-EFS-protected folders and from changing EFS settings.
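
The first two steps above, followed by an audit for anything still stored as plaintext, as an added PowerShell example (not part of the original page). The function names are hypothetical, the script assumes it runs in the user's own session and that applications write to the per-user `%TEMP%` folder, and the ACL step is not scripted.

```powershell
# Added example; function names are hypothetical. Run in the user's own session
# so the folders are encrypted under that user's EFS key.
function Test-EfsFolder {
    param([Parameter(Mandatory)][string]$Path)
    # True when the item carries the NTFS Encrypted attribute.
    $attrs = (Get-Item -LiteralPath $Path -Force).Attributes
    [bool]($attrs -band [IO.FileAttributes]::Encrypted)
}

function Protect-EfsFolder {
    param([Parameter(Mandatory)][string]$Path, [switch]$RequireEmpty)
    # Hidden items such as desktop.ini are ignored by the emptiness check.
    if ($RequireEmpty -and (Get-ChildItem -LiteralPath $Path | Select-Object -First 1)) {
        throw "$Path is not empty; move its contents out before applying EFS."
    }
    # cipher /e marks the folder so files created in it afterwards are encrypted.
    & cipher.exe /e $Path | Out-Null
    if (-not (Test-EfsFolder -Path $Path)) { throw "EFS was not applied to $Path" }
}

function Get-PlaintextItem {
    param([Parameter(Mandatory)][string]$Path)
    # Items without the Encrypted attribute are stored as plaintext on disk.
    # System-attribute items are skipped because EFS cannot encrypt them.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) -and
            -not ($_.Attributes -band [IO.FileAttributes]::System)
        }
}

$documents = [Environment]::GetFolderPath('MyDocuments')
$tempDir   = $env:TEMP   # assumption: applications use the per-user temp folder

Protect-EfsFolder -Path $documents -RequireEmpty
Protect-EfsFolder -Path $tempDir

foreach ($root in @($documents, $tempDir)) {
    $plain = @(Get-PlaintextItem -Path $root)
    if ($plain.Count -eq 0) {
        Write-Output "OK    $root"
    } else {
        Write-Output "WARN  $root has $($plain.Count) plaintext item(s):"
        $plain | ForEach-Object { Write-Output "      $($_.FullName)" }
    }
}
```

Files already present in the temp folder when EFS is applied are not encrypted by marking the folder, so they appear in the WARN output.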