Stands for Encrypting File System, a feature of NTFS on Windows 2000 that supports encryption of files and folders on NTFS volumes.


NTFS permissions on Windows NT systems provide a way of securing files and folders from unauthorized local access. For example, if two users share the use of a computer, assigning each user full control of only his own files prevents the users from accessing each other’s files. Administrators do have the right to take ownership of any file on the system, but users with administrative privileges are normally considered trustworthy.

A problem could occur if someone illicitly gained access to a user’s Windows NT computer and removed the hard drive from the system. The person could then install the NTFS drive in her own computer, log on as the local Administrator for that computer, and take ownership of any files on the stolen drive. NTFS permissions by themselves therefore cannot protect data if the hard drive itself is stolen.

Additionally, third-party utilities have been developed for Windows NT that allow users to boot their computer from a floppy disk and access NTFS partitions directly. These utilities, though of some administrative use in troubleshooting situations, nevertheless pose a security risk for sensitive data stored on physically accessible Windows NT systems.

NTFS on Windows 2000 systems adds the security feature of encryption to NTFS permissions in order to deal with the scenarios described earlier. Files ...
