Encrypting File System
Applies To: Windows Server 2008, Windows Vista
Encrypting File System (EFS) is a core encryption technology that enables you to encrypt files stored on NTFS volumes.
Product Evaluation
Encrypting File System (from Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008)
An overview of EFS in Windows Server 2008 detailing several important enhancements to EFS such as the ability to store encryption certificates on smart cards, per-user encryption of files in the client side cache, additional Group Policy options, and a new rekeying wizard.
Planning and Architecture
-
Discusses the use of EFS in a business environment and includes tools to facilitate its implementation.
-
Discusses threats to information at rest and mitigations, including EFS.
Technical Reference
The following documents discuss the functionality of EFS as it existed prior to the release of Windows Vista® and Windows Server 2008. The changes since Windows Server 2003 are described in the Product Evaluation section.
Protecting Data by Using EFS to Encrypt Hard Drives (Windows Server 2003)
Describes the role of EFS and how you can use EFS to protect information.
Encrypting File System in Windows XP and Windows Server 2003
Technical walkthrough that illustrates how to use EFS and best practices to build an effective data recovery and protection strategy.
Encrypting File System Technical Reference (Windows Server 2003)
An overview of EFS in Windows XP and Windows Server 2003.
The Windows Server 2003 Family Encrypting File System
Discusses the architecture of EFS including operation, data recovery, and the EFS components; how to use EFS, both from the shell and programmatically and EFS security.
Additional Resources
Data Encryption Toolkit for Mobile PCs
Tested guidance and powerful tools to help you protect your data. The guidance shows you how to optimize EFS and BitLocker Drive Encryption.