Encrypting File System (EFS) is an NTFS 5.0 feature that lets Windows users
protect the confidentiality of files on an NTFS-formatted drive. Microsoft introduced
NTFS 5.0 and EFS in Windows 2000 and enhanced the EFS functionality and feature
set in Windows Server 2003 and Windows XP. These enhancements included support
for sharing EFS-encrypted data and EFS support for offline folders. (For a detailed
overview of some of these changes, see "EFS Enhancements in Windows XP," July
2002, InstantDoc ID 25410.)
Now, further EFS enhancements are on their way in the next wave of Microsoft client and server OSs: Windows Vista, the new client OS that will debut within the next six months, and Windows Longhorn Server, the server OS that will debut in 2007. Let's examine the basic functionality of EFS, then dive into the new functionality on the Vista and Longhorn horizons.
What EFS Does
Using EFS to encrypt the content of files and folders is relatively straightforward:
Windows users can simply select the Encrypt contents to secure data check
box in a file's advanced properties or choose the Encrypt command in a file
or folder's shortcut menu. The Encrypt/Decrypt shortcut menu option is a little-known
feature that's disabled by default. To enable it, you must add the EncryptionContextMenu
value with REG_DWORD data value 1 to the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced registry subkey. . . .
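
The registry change described above can be scripted so that it is repeatable and reports what it changed. The following PowerShell is an added example, not part of the original article; the function name Enable-EfsContextMenu is hypothetical, and the script assumes an elevated session because it writes under HKEY_LOCAL_MACHINE.

```powershell
#Requires -RunAsAdministrator
# Added example: enable the Encrypt/Decrypt shortcut-menu commands.
# The function name Enable-EfsContextMenu is hypothetical (not a built-in cmdlet).

function Enable-EfsContextMenu {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $name = 'EncryptionContextMenu'

    # Read the current data; $null means the value is absent (the default state).
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($current -eq 1) {
        Write-Verbose "$name is already 1; nothing to change."
    }
    elseif ($PSCmdlet.ShouldProcess("$key\$name", 'Set REG_DWORD to 1')) {
        # -Force replaces an existing value that has different data or a different type.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    }

    # Re-read the key so the caller sees what is actually stored, including its type.
    $item   = Get-Item -Path $key
    $stored = $item.GetValue($name)
    [pscustomobject]@{
        Key      = $key
        Name     = $name
        Previous = $current
        Current  = $stored
        Kind     = if ($null -ne $stored) { $item.GetValueKind($name) } else { $null }
    }
}

Enable-EfsContextMenu -Verbose
```

Running the function with -WhatIf shows the pending change without writing to the registry; the returned object's Previous field records the earlier setting if you need to revert it.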