CIS 170F: Windows 7 Administration

Week 5

Managing File Systems
Encrypted File System (EFS)

  • If you need to protect files on your system from being read by unauthorized users, you can use the Encrypted File System (EFS) feature that works independently of the NTFS permissions. Note that Windows 7 Home Basic, Home Premium, and Starter Edition do not fully support EFS (search Windows Help and Support for information on using EFS data with these versions).
  • When a file is encrypted, the data stored on the hard disk is scrambled in a very secure way. Encryption is transparent to the user who encrypted the file; you do not have to "decrypt" an encrypted file before you can use it. You can work with an encrypted file just as you would any other file; you can open and change the file as necessary. However, any other user or an intruder who tries to access your encrypted files is prevented from doing so. Only the original owner and the computer's designated recovery agent can get into encrypted files. Anyone else receives an "Access Denied" message when trying to open or copy your encrypted file.
  • Folders can be marked as encrypted, too. This means that any file created in or copied to an encrypted folder is automatically encrypted. The folder itself isn't encrypted, though; anyone with the proper file access permissions can see the names of the files in it.
  • EFS encryption protects the files only while they reside on the NTFS volume. When they are accessed for use by an application, they are decrypted by the file system drivers. This means that files that are encrypted on the drive are not encrypted in memory while being used by an application. This also means that transferring files over the network is done without encryption. Any file action that performs a copy (which includes moves across partitions or volumes) inherits the settings of its new container. In other words, if the new container is not encrypted, the new file will not be encrypted, either, even if it was encrypted in its previous location. If you back up EFS-protected files, they are stored on the backup media in their normal, unencrypted form. EFS protects files only on the hard drive, nowhere else. Use EFS only when expressly needed. EFS significantly reduces performance when a large number of commonly accessed files are encrypted, because of the CPU processing required to decrypt them for use.
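
The points above (EFS works only on NTFS, folders are marked rather than encrypted, and a file can end up unencrypted in a folder you expected to be protected) can be checked with a short audit script. This is an added example, not part of the course notes; the function name Get-EfsAudit and the demo folder name are hypothetical, and the path is assumed to be a folder on a local drive letter.

```powershell
# Added example (not from the course notes). PowerShell 2.0 compatible.
# Get-EfsAudit is a hypothetical helper; $Path is assumed to be a local folder.
function Get-EfsAudit {
    param([Parameter(Mandatory = $true)][string]$Path)

    $root = Get-Item -LiteralPath $Path -Force
    # EFS exists only on NTFS, so check the file system of the volume first.
    $volume = [System.IO.Path]::GetPathRoot($root.FullName)
    $drive  = New-Object System.IO.DriveInfo -ArgumentList $volume
    if ($drive.DriveFormat -ne 'NTFS') {
        Write-Warning "$($drive.Name) is $($drive.DriveFormat); EFS cannot protect files here."
    }

    # The Encrypted attribute is what marks a file or folder for EFS.
    $flag  = [System.IO.FileAttributes]::Encrypted
    $items = @($root) + @(Get-ChildItem -LiteralPath $root.FullName -Recurse -Force)
    foreach ($item in $items) {
        $type = 'File'
        if ($item.PSIsContainer) { $type = 'Folder' }
        New-Object PSObject -Property @{
            Path      = $item.FullName
            Type      = $type
            Encrypted = [bool]($item.Attributes -band $flag)
        }
    }
}

# Constructed demo data: a temporary folder with one encrypted and one plain file.
$demo = Join-Path $env:TEMP 'efs-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'protected.txt') -Value 'constructed sample'
Set-Content -Path (Join-Path $demo 'plain.txt') -Value 'constructed sample'
try {
    [System.IO.File]::Encrypt((Join-Path $demo 'protected.txt'))
} catch {
    # Expected on editions without full EFS support or on non-NTFS volumes.
    Write-Warning "Could not encrypt: $($_.Exception.Message)"
}

# Report every file in the tree that is NOT protected by EFS.
Get-EfsAudit -Path $demo |
    Where-Object { $_.Type -eq 'File' -and -not $_.Encrypted } |
    Select-Object Path
```

Run it as the user who owns the files; pointing Get-EfsAudit at a real folder that is supposed to be encrypted lists the files EFS is not protecting there.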