Windows

Tech Tip: Learn about improvements to EFS


One of Windows 2000's most compelling features was the introduction of the Encrypting File System (EFS). Windows Server 2003 improves this system with a variety of new features, many of which work best with Windows XP Professional clients. (Windows XP Home Edition does not support EFS.)

Let's look at some of the main enhancements to EFS:

  • New encryption methods: In addition to the Data Encryption Standard X (DESX) encryption used in Windows 2000, Windows Server 2003 supports 3DES and AES.
  • Sharing encrypted files: In Windows 2000, only the user who encrypted a file had access to it. In Windows Server 2003, you can grant access to an encrypted file to additional users using their individual certificates. However, you can't add groups of users.
  • Visual improvements: First, encrypted files now appear in green in the directory listings to help better differentiate between them and other files. Second, when copying a file to a location that doesn't support EFS, the system will warn the user before completing the move.
  • Secure transfer using WebDAV: Prior to Windows Server 2003, EFS first decrypted an encrypted file before transmitting it across the network. In Windows Server 2003, the file remains encrypted if you use IPSec or WebDAV.

Getting started with file encryption is easy as long as you're using files on an NTFS partition. Right-click a file, and choose Properties. On the General tab, click the Advanced button. In the Advanced Attributes dialog box, select the Encrypt Contents To Secure Data check box, and click OK until you're back at the file listing. The newly encrypted file will now show up in green.

Editor's Picks