EFS Architecture
To troubleshoot EFS, or to be able to design proper EFS recovery and EFS policy for the organization, you must understand how EFS works.
EFS is a component of the NTFS file system of Windows 2000 and above. Thus, its operations are mostly transparent to the user and to the application that needs to open and close the files. If the user has the ability to encrypt and decrypt the files, when the file is opened, it is decrypted, and when it is saved, it is encrypted. The setup of shared EFS files is not transparent.
File System Operations
Several operating system components both in user space and in the kernel participate in the operation of the EFS. These components are listed and described in Table 6-2.
Get Windows Server 2003 Security: A Technical Reference now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.