Encrypting File System
Encrypting File System (EFS) is a new feature in Microsoft® Windows® 2000. EFS protects sensitive data in files that are stored on disk using the NTFS file system. It uses symmetric key encryption in conjunction with public key technology to provide confidentiality for files. It runs as an integrated system service, which makes EFS easy to manage, difficult to attack, and transparent to the file owner and to applications. Only the owner of a protected file can open the file and work with it, just as with a normal document. Others are denied access to the protected file. However, recovery administrators (whom you can designate) have the ability to recover protected files if that becomes necessary.
For more information about the NTFS file system, see "File Systems" in the Microsoft ® Windows ® 2000 Server Operations Guide .
For more information about Windows 2000 Certificate Services, see "Windows 2000 Certificate Services and Public Key Infrastructure" in this book.
For more information about the basic concepts of cryptography, including symmetric key encryption and public key technology, see "Cryptography for Network and Information Security" in this book.