Securing Local Data

Encryption of stored files in Windows Server 2003 is accomplished through the use of EFS. Using public-key encryption, EFS allows files and directories stored on NTFS partitions to be encrypted and decrypted transparently. EFS accesses the user’s EFS public and private keys to perform self-encryption. Therefore, files encrypted with EFS can’t be shared with (that is, encrypted to) other users. Another encryption method, such as S/MIME, must be used to securely share files with other users. In addition, if files encrypted with EFS are saved to another machine, the user’s key information must be imported to that machine for decryption to occur.

Files are automatically encrypted to a third party, called a recovery agent. In ...

Get Microsoft® Windows Server 2003: Administrator’s Companion now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.