EFS FAQ
What is EFS?
EFS (Encrypted File System) is a built-in security feature of Windows 2000 and XP. EFS allows clients to add an extra level of security for folders and files on their computer.
What can be encrypted with EFS?
EFS can encrypt files or folders on NTFS volumes on Windows 2000 or XP (not NT or 98). Generally only internal hard disks are NTFS volumes. However, some external media like tape drives can be NTFS as well.
What should be encrypted with EFS?
Folders (not individual files)
Documents requiring extra security (for example SSNs, private student info, or personnel info)
What can NOT be encrypted with EFS?
Shared Folders
System Folders
Compressed Folders
What exactly does encryption do?
EFS scrambles files, allowing them to be opened only by the user who encrypted them. This prevents an intruder from accessing sensitive data.
What does encryption NOT do?
EFS does not prevent an intruder from deleting a folder or file. Additionally, a catastrophe like a fire, flood, or hard disk crash could destroy the file. Therefore, it is imperative that you back up your files regularly and store the backup in a secure location.
What else must users do to protect their data?
Protect your username and password
Log off or lock your workstation when not in use
Take care not to inadvertently unencrypt sensitive documents
How can a file be unencrypted?
Manually
When the file is moved or copied via email, floppy disk, zip disk, or CD-ROM.
Through the recovery process
What is the Recovery Process?
The recovery process is a complicated procedure that allows domain administrators to access an encrypted file. It is available in case Windows crashes, a user’s account is corrupted, or a user’s encryption key is lost. It requires physical access to the data and can’t be done remotely (for example through the network). Written approval of the appropriate manager is required and there may be some delay before an encrypted file can be restored.
What happens if a file is moved or copied to another location?
It remains encrypted if it is moved or copied to an NTFS volume on the same computer.
It becomes unencrypted if it is moved or copied to an external drive, email, or another computer across the network.
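Because a file can silently lose its encryption when it is moved or copied, it helps to check a protected folder from time to time. The script below is an added example, not part of the original FAQ; it assumes Windows PowerShell is installed, and the folder C:\Sensitive and the function name Test-EfsCoverage are hypothetical. It warns if the volume is not NTFS or the folder itself is not marked for encryption, then lists every file under it that is stored unencrypted.

```powershell
# Added example: report files under a folder that are NOT EFS-encrypted.
param(
    [string]$Path = 'C:\Sensitive'   # hypothetical folder, not from the FAQ
)

function Test-EfsCoverage {
    param([string]$Root)

    $full = [System.IO.Path]::GetFullPath($Root)
    if ($full.StartsWith('\\')) {
        # Network locations are outside what the FAQ says EFS protects.
        Write-Warning "'$full' is a network path; check the files on the local disk instead."
        return
    }

    # EFS only works on NTFS volumes, so check the file system first.
    try {
        $drive = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($full))
        if ($drive.DriveFormat -ne 'NTFS') {
            Write-Warning "$($drive.Name) is $($drive.DriveFormat); files here cannot be EFS-encrypted."
        }
    } catch {
        Write-Warning "Could not read the file system type for '$full': $_"
    }

    $encrypted = [System.IO.FileAttributes]::Encrypted

    # The folder itself should be marked so that new files inherit encryption.
    $rootItem = Get-Item -LiteralPath $full -Force
    if (($rootItem.Attributes -band $encrypted) -eq 0) {
        Write-Warning "Folder '$full' is not marked for encryption."
    }

    # Emit every file (not folder) that lacks the Encrypted attribute.
    Get-ChildItem -LiteralPath $full -Recurse -Force |
        Where-Object { (-not $_.PSIsContainer) -and (($_.Attributes -band $encrypted) -eq 0) } |
        Select-Object FullName, LastWriteTime
}

$plain = @(Test-EfsCoverage -Root $Path)
if ($plain.Count -eq 0) {
    Write-Output "No unencrypted files found under $Path."
} else {
    Write-Output "$($plain.Count) unencrypted file(s) under ${Path}:"
    $plain | Format-Table -AutoSize
}
```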
What advanced features are available with EFS?
Exporting Encryption Key (expedites data recovery if Windows crashes)
Using External Encryption Key (adds additional level of security)