Windows 2000 includes the ability to encrypt files and folders. This type of encryption involves the use of software keys to scramble and restore data. The different types of keys and how they work together are described later in this section. First, you have to determine if the benefits of encryption outweigh the possible consequences.
Because encryption is standard on every Windows 2000 computer, by default, almost anyone with a user account on the network can encrypt files and folders. If a user has encrypted files and folders and leaves the company or otherwise loses the recovery key, it can cause a lot of headaches. Most of the time, with some effort, the encrypted files can be fully recovered. This can become very time consuming if there is a large number of files in multiple locations or if many different encryption keys were used.
The Windows 2000 encryption and decryption process is transparent to the user. After a folder has been configured to encrypt its contents by checking a box in the folder’s advanced properties, the owner of the file can treat the file just like an unencrypted file. The decryption is performed automatically when the authorized user opens the file. The file is reencrypted when the user closes the file. Storing a file in a folder that’s set up to encrypt its contents is all that’s needed to take full advantage of the built-in Windows 2000 encryption system.
There are a few basic limitations of EFS that may convince ...