W2K Encrypting File System

Windows 2000 Pro includes an Encrypting File System ( EFS ) driver that renders
volumes and files on NTFS volumes unreadable without the decryption key. You can
encrypt at the folder or individual file level. It is best to use directory
level encryption because anything created in the folder will be automatically
encrypted, including temporary files generated by applications. If you have a
laptop or a PC with sensitive data, EFS provides decent privacy protection.
Remember that laptops are valuable, portable, and often stolen.

To use the Encrypting File System in W2K:

  • Right-click the folder or file you want to encrypt
  • Choose Properties
  • Click Advanced in the Attributes section of the General tab
  • Select the option Encrypt Contents To Secure Data in the Advanced Attributes
    dialog box
  • Click OK and close the Properties sheet.
The Encrypting File
System driver and the NTFS compression driver are mutually exclusive. You can
use one or the other on a folder or file, but not both.

The cleanest method for recovering encrypted files in a domain environment is
to use the Backup utility. This is a very safe method. It can be made more
secure by requiring the DRA to authenicate via a smart card. The steps involved
in performing a recovery:

  • Log on as Administrator to the machine with the encrypted files.
  • Run Backup and back up the encrypted files and/or folders that you want to
  • Log off and then log on to the secured machine that contains the DRA’s
    private key using the account with the DRA for the logon.
  • Restore the files/folders from the backup.
  • Decrypt the files/folders you just restored.
In a domain there can
be multiple recover agents. To decrypt the files successfully, you must have
logged on with the recovery agent that was used during the encryption.

Another method to recover encrypted files is to export the DRA’s private key
and use it on a computer with encrypted data. This method is a bit faster than
using Backup but it’s not as secure because you have to import the private key
to a destination machine.

  • Log on to the machine containing the DRA’s private key.
  • Open an empty MMC and load the Certificates snap-in.
  • To export the agent’s private key, right-click on the certificate, select
    Export, and indicate that you want to export the private key.
  • Copy the file with the private key to the machine that has the encrypted
  • On the destination machine, use the Certificates snap-in to import the DRA’s
    private key file.
  • Decrypt the files.
  • Once you are sure the operation was successful, make sure you don’t leave
    the imported private key on the machine. Doing so could compromise EFS security.

Elcomsoft has created Advanced EFS Data Recovery to decrypt
files encrypted on NTFS partitions in Windows 2000. Files can be decrypted even
in a case when the system is not bootable and so you cannot log on, and/or some
encryption keys have been tampered. Besides,they say decryption is possible even
when Windows is protected using SYSKEY.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top