August 2000
Intermediate to advanced
800 pages
21h 5m
English
Content preview from Microsoft® Windows® 2000 Security HandbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Using EFS
EFS must have a recovery agent available before a file can be encrypted. In a default installation, the recovery agent is always available, but it can be disabled; in that case you get an error message indicating the operation cannot happen. Later in this section, you will see how to disable EFS, enable EFS, and back up recovery agent's certificate.
You cannot encrypt system files or folders; an error message indicates access denied. You can ignore the message or just cancel; it is better to cancel the operation because you do not want to accidentally encrypt any file needed for boot (the boot code, hal, kernel, drivers, services, and dependencies). At boot time, there is no impersonation process and boot files cannot be decrypted. ...