Sunday, August 12, 2012

Encrypt Files using Encrypting File System (EFS)

File encryption is often used to protect confidential files from unauthorized access. In contrast to assigning NTFS and sharing permissions, encrypting files is another protection level, one that ignores these permissions.

Encrypting File System (EFS) is a feature included in the Windows OS that allows us to store files in encrypted format.

It's easy to enable Encrypting File System (EFS) on a workstation for personal use, with a few steps to consider for recovering the files.

But applying it in a domain environment is harder. As a system administrator, it's common to be asked to protect executives' data and confidential information using encryption. The steps below show how to enable Encrypting File System (EFS) in a domain environment.
  • Prerequisites:
    • A Certificate Authority (CA) to issue certificates to the users who will encrypt files and to the recovery agents who will decrypt these files.
    • Define an EFS policy in your domain to control your encryption process and recovery agents, under Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Encrypting File System.
  • The Process:
    • After completing the prerequisites mentioned above, go to the folder to be encrypted, right-click it and select Properties, then Advanced, and check "Encrypt contents to secure data".

    • The files under that folder will turn green, indicating that they are encrypted.

At this point the user and the defined recovery agent in the EFS Policy are the only users allowed to read this content.
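The same step can be scripted and then checked. The following is an added example, not part of the original post: it runs the built-in `cipher.exe` tool against a folder, lists anything that did not end up with the Encrypted attribute, and prints who can decrypt one of the files so you can confirm the recovery agent from the EFS policy is present. The folder path `D:\Confidential` and the function name `Get-UnencryptedItem` are assumptions made for the example.

```powershell
# Added example: the folder path is a placeholder, not from the original post.
param([string]$Folder = 'D:\Confidential')

# Hypothetical helper: returns files and subfolders under $Path that do NOT
# carry the NTFS Encrypted attribute (the ones Explorer would not show in green).
function Get-UnencryptedItem {
    param([Parameter(Mandatory)][string]$Path)
    $flag = [System.IO.FileAttributes]::Encrypted
    Get-ChildItem -LiteralPath $Path -Recurse -Force |
        Where-Object { -not ($_.Attributes -band $flag) }
}

$encrypted = [System.IO.FileAttributes]::Encrypted

# Command-line counterpart of the "Encrypt contents to secure data" checkbox.
# /e encrypts, /s: applies the operation to the folder and its subfolders.
# The checks below confirm the result instead of assuming it.
cipher.exe /e "/s:$Folder" | Out-Null

# The folder itself must be marked, otherwise new files are stored in clear.
$root = Get-Item -LiteralPath $Folder -Force
if (-not ($root.Attributes -band $encrypted)) {
    Write-Warning "Folder '$Folder' is not marked for encryption."
}

# Files that were open or locked during encryption are skipped; report them.
$missed = @(Get-UnencryptedItem -Path $Folder)
if ($missed.Count -gt 0) {
    Write-Warning "$($missed.Count) item(s) are still unencrypted:"
    $missed | Select-Object -ExpandProperty FullName
} else {
    Write-Output "All items under '$Folder' carry the Encrypted attribute."
}

# cipher /c prints the users who can decrypt a file and its recovery
# certificates. Compare that list with the recovery agent in the EFS policy.
$sample = Get-ChildItem -LiteralPath $Folder -Recurse -File -Force |
    Where-Object { $_.Attributes -band $encrypted } |
    Select-Object -First 1
if ($sample) {
    cipher.exe /c $sample.FullName
}
```

Run it as the user who owns the data, because EFS encrypts files to the certificate of the account performing the operation.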

This post was a quick guide to enabling Encrypting File System (EFS) to protect content and files in a domain environment.
