Apply Your Knowledge

Exercises

5.1. Disabling EFS on a Windows 2000 Professional Computer

If EFS is not used in your environment, it should be disabled. This is easy to do. The following instructions are for a Windows 2000 Professional computer.

Estimated Time: 5 minutes

1.
Open Start\Programs\Administrative Tools\Local Security Policy.
2.
Navigate to and expand the Public Key Policies container.
3.
Select the Encrypted Data Recovery Agents container.
4.
Right-click the certificate in the details pane labeled file recovery and select Delete. In Windows 2000, when no file recovery agent exists, file encryption cannot take place. (This is not true in Windows XP. Windows XP Professional requires a different process to disable EFS.)
5.
Right-click the ...

Get CISSP Training Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.