Windows 7 Security Features
Data Security
Encrypting File System
- The Encrypting File System (EFS) was first included with Windows 2000 Professional. EFS encrypts individual files and folders on a partition. EFS is suitable for protecting data files and folders on workstations and laptops. It can also be used to encrypt files and folders on network servers.
- The process of encrypting a file with EFS: to use EFS, users must have a digital certificate with a public key and a private key.
- From the user perspective, encryption is a file attribute.
- Read more about Encrypting File System (EFS) at: http://en.wikipedia.org/wiki/Encrypting_File_System.
- Files can also be encrypted using the command-line utility Cipher.
- If a user loses the EFS key, then an encrypted file is unrecoverable with the default configuration.
- Some of the ways EFS keys may be lost include:
  - The user profile is corrupted
  - The user profile is deleted accidentally
  - The user is deleted from the system
  - The user password is reset
- In User Accounts, there is an option for you to manage your file encryption certificates. This option allows you to view, create, and back up certificates used for EFS.
- Creating a recovery certificate allows the files encrypted by all users to be recovered if required.
- The steps for creating and using a recovery certificate are:
  - Create the recovery certificate
  - Install the recovery certificate
  - Update existing encrypted files
- The steps to work with encrypted files on multiple computers are:
  - Encrypt the file on the first computer
  - Export the EFS certificate, including the private key, from the first computer
  - Import the EFS certificate, including the private key, on the second computer
  - Open the encrypted file on the second computer
- The steps to share encrypted files with other users are:
  - Export the EFS certificate of the first user, but do not include the private key
  - Import the EFS certificate of the first user into the profile of the second user as a trusted person
  - The second user encrypts the file and shares it with the first user
- Encrypted files behave differently when copied or moved.
- The rules that apply for moving and copying encrypted files are:
  - An unencrypted file copied or moved to an encrypted folder becomes encrypted
  - An encrypted file copied or moved to an unencrypted folder remains encrypted
  - An encrypted file copied or moved to a FAT partition, FAT32 partition, or floppy disk becomes unencrypted if you have access to decrypt the file
  - If you do not have access to decrypt a file, then you get an access-denied error if you attempt to copy or move the file to a FAT partition, FAT32 partition, or floppy disk
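The copy and move rules above, exercised as an added PowerShell example that is not part of the original slides. It assumes a scratch location on an NTFS volume under $env:TEMP, and uses the cipher.exe utility mentioned earlier to mark the folder encrypted and to inspect the result; the Test-EfsEncrypted helper is defined here, not a built-in cmdlet.

```powershell
# Added example (not from the original slides): check the EFS copy/move rules
# on a live Windows 7 system. Assumes $env:TEMP is on an NTFS volume; the
# account running the script becomes the EFS key holder for the test files.

function Test-EfsEncrypted {
    param([string]$Path)
    # From the user's perspective encryption is a file attribute, so read it
    $attr = (Get-Item -LiteralPath $Path -Force).Attributes
    return [bool]($attr -band [IO.FileAttributes]::Encrypted)
}

$root     = Join-Path $env:TEMP ("efs-demo-" + [guid]::NewGuid())
$encDir   = Join-Path $root 'encrypted'
$plainDir = Join-Path $root 'plain'
New-Item -ItemType Directory -Path $root | Out-Null
New-Item -ItemType Directory -Path $encDir, $plainDir | Out-Null

# Mark the folder encrypted with the command-line utility Cipher
& cipher.exe /e $encDir | Out-Null

# Rule 1: an unencrypted file copied into an encrypted folder becomes encrypted
$src = Join-Path $plainDir 'notes.txt'
Set-Content -Path $src -Value 'constructed sample data'
Copy-Item $src (Join-Path $encDir 'notes.txt')
"copied into encrypted folder -> encrypted: $(Test-EfsEncrypted (Join-Path $encDir 'notes.txt'))"

# Rule 2: an encrypted file moved to an unencrypted NTFS folder stays encrypted
Move-Item (Join-Path $encDir 'notes.txt') (Join-Path $plainDir 'moved.txt')
"moved to plain NTFS folder -> encrypted: $(Test-EfsEncrypted (Join-Path $plainDir 'moved.txt'))"

# Rules 3 and 4 concern FAT targets, so report the file system before copying
$driveName = (Get-Item $root).PSDrive.Name
$fs = (Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='${driveName}:'").FileSystem
"scratch volume file system: $fs (a FAT target decrypts the file or denies access)"

# Show which certificates can decrypt the moved file
& cipher.exe /c (Join-Path $plainDir 'moved.txt')

# Backing up the user's EFS certificate and private key guards against the
# key-loss cases listed above; cipher /x prompts for a password and writes a .pfx
# & cipher.exe /x (Join-Path $root 'efs-backup')

Remove-Item $root -Recurse -Force
```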