Tech Tips / Windows XP / Security

A few more EFS best practices

The following are some tips that will help you more efficiently use the Encrypting File System (EFS) in Windows XP:

Always encrypt folders, not individual files. Many applications (like Word) create temporary files in the same folder. If you encrypt only individual files, the temporary files are not encrypted.
Encrypt your "My Documents" folder.
Encrypt %Temp% and %tmp% folders.
Export your certificate and private key and keep them in a safe place.
Export Recovery Agent's certificate and private key and keep them in a safe place.
If you transfer sensitive data over the network, use IPSec. When you send an EFS encrypted file over the network, the file is decrypted and sent in plaintext. IPSec allows you to encrypt the data for transmission over the network.
When you print, don't use spool files or encrypt the spool folder.

You cannot encrypt files with system attributes, or files in the %SystemRoot% folder and its subfolders.

Note: EFS is available on Windows XP Professional computers that have NTFS partitions only. EFS isn't available for FAT32.

Submit your Tech Tips

If you're an experienced IT professional and would like to share your expertise with other Setup32.com readers, why not submit a new tip to our Tech Tips area?

Latest Tech Tips in this category

Certification Links

Pass your MCSE certification exams with EasyCert - the most realistic exam simulations available today! Click the links bellow for free MCSE demos.