Since its inception, the Encrypting File System (EFS) has not been hacked; however, that doesn't mean you are safe from attack. You must still configure and manage EFS and follow security best practices.
The first thing you should do is ensure that your users are using effective passwords. If they aren't, EFS won't help; no technology can help if passwords are weak. EFS can encrypt files, but an attacker who obtains a user's password can access that user's EFS-encrypted files. There's no need to hack EFS if you can obtain another user's password.
Second, users should export their certificates and keep them in a secure place. If certificates fall into the wrong hands, EFS security is breached. You'll also have problems if you lose your certificate, for instance if you encrypt files, forget to export the certificate, and then reinstall the operating system. If you used a local account, your files would be lost and would not be retrievable. Always remember to export the certificate and keep it in a safe place.
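One way to make that export from a command prompt, shown as an added example that is not part of the original tip. It assumes a `cipher` version that supports the `/x` switch; the backup folder `E:\efs-backup` and the file name are placeholders chosen for illustration.

```bat
@echo off
rem Added example: back up the current user's EFS certificate and private key
rem with the built-in cipher tool. Run it while logged on as the user whose
rem files are encrypted.
setlocal

rem Assumed location: removable media that can be stored away from the computer.
set "BACKUP_DIR=E:\efs-backup"
set "BACKUP_FILE=%BACKUP_DIR%\%USERNAME%-efs"

if not exist "%BACKUP_DIR%\" mkdir "%BACKUP_DIR%"
if not exist "%BACKUP_DIR%\" (
    echo Could not create the backup folder %BACKUP_DIR%
    exit /b 1
)

rem List the encrypted files on local drives so you know what depends on the key.
rem /N keeps /U from updating any keys; the files are only reported.
cipher /u /n

rem Export the certificate and private key. cipher asks for confirmation and
rem then for a password that protects the exported file. Because anyone who
rem obtains this file and its password can read the encrypted files, choose a
rem strong password and keep it apart from the backup.
cipher /x "%BACKUP_FILE%"

rem Confirm that a backup file was actually written before relying on it.
if not exist "%BACKUP_FILE%*" (
    echo No backup file was written. Do not reinstall Windows until the export succeeds.
    exit /b 1
)

echo EFS certificate backup written under %BACKUP_DIR%
echo Move it to a secure place away from this computer.
endlocal
```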
EFS is a very important feature. If you use it on your computer, make sure you read everything about it in the Help and Support Center.
Note: EFS is available only on Windows XP Professional computers that have NTFS partitions. EFS isn't available on FAT32.