CIS 170F: Windows 7 Administration

Week 7

Windows 7 Security Features
Data Security
Encrypting File System

  • The Encrypting File System (EFS) was first included with Windows 2000 Professional. EFS encrypts individual files and folders on a partition. EFS is suitable for protecting data files and folders on workstations and laptops. It can also be used to encrypt files and folders on network servers.

  • The process of encrypting a file with EFS.

    To use EFS, users must have a digital certificate with a public key and a private key.

  • From the user perspective, encryption is a file attribute.

    Read more about Encrypting File System (EFS) at:
    http://en.wikipedia.org/wiki/Encrypting_File_System.

  • Files can also be encrypted using the command-line utility Cipher.

  • If a user loses the EFS key, then an encrypted file is unrecoverable with the default configuration.

  • Some of the ways EFS keys may be lost include:
    • The user profile is corrupted
    • The user profile is deleted accidentally
    • The user is deleted from the system
    • The user password is reset

  • In User Accounts, there is an option for you to manage your file encryption certificates. This option allows you to view, create, and back up certificates used for EFS.
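The two points above (encrypting from the command line with Cipher, and backing up the certificate so a lost key does not mean lost files) as an added PowerShell example; this is not code from the course slides. The folder and file names are assumptions chosen for the example, and the session must run on an NTFS volume as the user whose files are being protected.

```powershell
# Added example (not from the course slides): encrypt a folder with cipher.exe,
# confirm the Encrypted attribute, see who can decrypt, and back up the EFS
# certificate and private key before a profile problem makes the files unrecoverable.
# The folder and file names below are assumptions chosen for this example.

$docs = "$env:USERPROFILE\Documents\EFS-Demo"
New-Item -ItemType Directory -Path $docs -Force | Out-Null
Set-Content -Path "$docs\secret.txt" -Value "constructed sample content"

# Encrypt the folder and everything in it. If the user has no EFS certificate yet,
# Windows generates a self-signed one during this first encryption.
cipher /e "/s:$docs"

# From the user's perspective encryption is just another file attribute.
$attrs = (Get-Item "$docs\secret.txt").Attributes
if (($attrs -band [IO.FileAttributes]::Encrypted) -ne 0) { "secret.txt is encrypted" }

# List the certificate thumbprints that can decrypt the file (users and recovery agents).
cipher /c "$docs\secret.txt"

# Back up the current user's EFS certificate and private key to a password-protected
# PFX (cipher prompts for the password). Keep the file off this machine: with the
# default configuration, losing this key means losing the files.
cipher /x "$env:USERPROFILE\efs-backup"     # cipher appends .pfx to the name
```

Running `cipher /c` before and after the backup shows that the backup does not change which certificates are on the file; it only gives you a copy of the private key that a corrupted, deleted or password-reset profile would otherwise take with it.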

  • Creating a recovery certificate allows the files encrypted by all users to be recovered if required.

  • The steps for creating and using a recovery certificate are:
    • Create the recovery certificate
    • Install the recovery certificate
    • Update existing encrypted files
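The three recovery-certificate steps above, as an added PowerShell example that is not part of the course slides. The output folder, file names and the sample file path are assumptions; the session should be elevated and run by the account that will act as the recovery agent.

```powershell
# Added example (not from the course slides): create a recovery certificate with
# cipher.exe, install it as the Data Recovery Agent, and refresh existing encrypted files.
# The folder, file names and the sample path below are assumptions.

$out = "C:\EFS-Recovery"     # assumed output folder; move the .pfx off the machine afterwards
New-Item -ItemType Directory -Path $out -Force | Out-Null

# Step 1: create the recovery certificate. cipher /r writes two files:
#   RecoveryAgent.cer - certificate with the public key only (goes into policy)
#   RecoveryAgent.pfx - certificate plus private key, protected by the password cipher prompts for
cipher "/r:$out\RecoveryAgent"

# Step 2: install the recovery certificate as a Data Recovery Agent (DRA).
# On a standalone Windows 7 computer this is done in Local Security Policy:
#   secpol.msc > Public Key Policies > Encrypting File System > Add Data Recovery Agent
# and browsing to RecoveryAgent.cer. In a domain the same setting lives in a GPO.
# Only the .cer is installed; the .pfx stays with the recovery agent.

# Step 3: update existing encrypted files so the new DRA is added to each one.
# Files encrypted before the DRA existed are not recoverable until this runs.
cipher /u /n      # /n only lists the encrypted files that would be touched (dry run)
cipher /u         # rewrite the recovery field of every encrypted file for this user

# Verify: the recovery agent now appears under "Recovery Certificates" for a file.
$sample = "$env:USERPROFILE\Documents\secret.txt"   # assumed existing encrypted file
cipher /c $sample
```

Each user updates only the files they can decrypt, so `cipher /u` has to be run by every user who has encrypted files, not once by the administrator.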

  • The steps to work with encrypted files on multiple computers are:
    • Encrypt the file on the first computer
    • Export the EFS certificate, including the private key, from the first computer
    • Import the EFS certificate, including the private key, on the second computer
    • Open the encrypted file on the second computer

  • The steps to share encrypted files with other users are:
    • Export the EFS certificate of the first user, but do not include the private key
    • Import the EFS certificate of the first user into the profile of the second user as a trusted person
    • The second user encrypts the file and shares it with the first user
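The two export/import procedures above (moving your own certificate with its private key to a second computer, and handing another user your certificate without the private key so files can be shared) as one added PowerShell example; this is not code from the course slides. It uses the .NET X509 classes because the Windows 7 version of PowerShell has no Export-PfxCertificate cmdlet. The Get-EfsCertificate helper, the file paths, the user name "alice" and the password prompt are assumptions.

```powershell
# Added example (not from the course slides): export and import EFS certificates on Windows 7.
# Case (a): same user, second computer -> export WITH the private key (PFX).
# Case (b): sharing with another user     -> export WITHOUT the private key (CER).
# Helper name, paths and user names below are assumptions for this example.

function Get-EfsCertificate {
    # Current user's certificate(s) carrying the EFS enhanced key usage and a private key.
    $efsEku = "1.3.6.1.4.1.311.10.3.4"   # EKU object identifier for Encrypting File System
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and ($_.Extensions | Where-Object {
            $_ -is [Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] -and
            ($_.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsEku })
        })
    }
}

$cert = Get-EfsCertificate | Select-Object -First 1
if (-not $cert) { throw "No EFS certificate with a private key found in the user store" }

# ---- Case (a), first computer: certificate + private key into a password-protected PFX
$password = Read-Host "Password to protect the exported PFX"
$pfxPath  = "$env:USERPROFILE\efs-with-key.pfx"
$pfxBytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $password)
[IO.File]::WriteAllBytes($pfxPath, $pfxBytes)

# ---- Case (a), second computer: import into the same user's Personal store.
# UserKeySet puts the key in the user's profile; PersistKeySet keeps it after the script ends;
# Exportable lets it be backed up again from the new computer.
$flags = [Security.Cryptography.X509Certificates.X509KeyStorageFlags]"Exportable,UserKeySet,PersistKeySet"
$imported = New-Object Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $password, $flags)
$my = New-Object Security.Cryptography.X509Certificates.X509Store("My", "CurrentUser")
$my.Open("ReadWrite"); $my.Add($imported); $my.Close()
# The encrypted file opens on this computer because the same private key is now present.

# ---- Case (b), first user (alice): public certificate only, no private key
$cerPath  = "$env:USERPROFILE\alice-efs.cer"
$cerBytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[IO.File]::WriteAllBytes($cerPath, $cerBytes)

# ---- Case (b), second user: import alice's certificate as a trusted person, then share a file
$trusted = New-Object Security.Cryptography.X509Certificates.X509Store("TrustedPeople", "CurrentUser")
$trusted.Open("ReadWrite")
$trusted.Add((New-Object Security.Cryptography.X509Certificates.X509Certificate2($cerPath)))
$trusted.Close()

$shared = "$env:USERPROFILE\Documents\shared.txt"   # assumed file owned by the second user
cipher /e $shared                                    # second user encrypts it
cipher /adduser "/certfile:$cerPath" $shared         # adds alice's certificate to the file
cipher /c $shared                                    # both users should now be listed
```

The difference between the two cases is exactly the `X509ContentType` passed to `Export`: `Pfx` carries the private key and must be password-protected and moved carefully, while `Cert` carries only the public key and is safe to hand to the other user.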

  • Encrypted files behave differently when copied or moved.

  • The rules that apply for moving and copying encrypted files are:
    • An unencrypted file copied or moved to an encrypted folder becomes encrypted
    • An encrypted file copied or moved to an unencrypted folder remains encrypted
    • An encrypted file copied or moved to a FAT partition, FAT32 partition, or floppy disk becomes unencrypted if you have access to decrypt the file
    • If you do not have access to decrypt a file, then you get an access-denied error if you attempt to copy or move the file to a FAT partition, FAT32 partition, or floppy disk
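The four copy/move rules above, exercised as an added PowerShell example that is not part of the course slides. The folder names, the Test-Encrypted helper and the assumed FAT32 drive letter E: are choices made for the example; the script must run on an NTFS volume as a user who can decrypt the test files.

```powershell
# Added example (not from the course slides): exercise the copy/move rules for EFS files
# and report the Encrypted attribute after each operation. Folder names, the helper
# and the FAT32 drive letter are assumptions for this example.

function Test-Encrypted([string]$Path) {
    ((Get-Item $Path).Attributes -band [IO.FileAttributes]::Encrypted) -ne 0
}

$base     = "$env:USERPROFILE\EFS-Rules"
$encDir   = "$base\Encrypted"
$plainDir = "$base\Plain"
New-Item -ItemType Directory -Path $encDir, $plainDir -Force | Out-Null
cipher /e $encDir | Out-Null      # mark the folder encrypted; files added later inherit it

# Rule 1: an unencrypted file copied or moved into an encrypted folder becomes encrypted.
Set-Content "$plainDir\a.txt" "constructed sample content"
Copy-Item "$plainDir\a.txt" "$encDir\a.txt"
"Rule 1 - copied into encrypted folder: encrypted = $(Test-Encrypted "$encDir\a.txt")"

# Rule 2: an encrypted file copied or moved to an unencrypted folder stays encrypted.
Copy-Item "$encDir\a.txt" "$plainDir\b.txt"
Move-Item "$encDir\a.txt" "$plainDir\c.txt"
"Rule 2 - copied to plain folder: encrypted = $(Test-Encrypted "$plainDir\b.txt")"
"Rule 2 - moved to plain folder:  encrypted = $(Test-Encrypted "$plainDir\c.txt")"

# Rules 3 and 4: FAT and FAT32 cannot store EFS metadata. A user who can decrypt the
# file gets a plaintext copy; anyone else gets access denied. Check the file system
# of the destination before relying on the file staying encrypted.
$fatDrive = "E:"   # assumed FAT32 volume (USB stick); skipped if not present
$fs = (Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$fatDrive'").FileSystem
if ($fs -and $fs -ne "NTFS") {
    Copy-Item "$plainDir\b.txt" "$fatDrive\b.txt"
    "Rule 3 - copied to $fs volume: encrypted = $(Test-Encrypted "$fatDrive\b.txt")"
}
```

Rule 2 is the one that surprises users most: the file in the "plain" folder is still encrypted, so it will still be unreadable on another computer unless the certificate is exported and imported as described earlier.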