| < Day Day Up > |
|
It’s deceptively simple to encrypt and decrypt files in Windows Small Business Server. Of course, anything that’s sensitive enough to be encrypted should be treated very carefully, so take time to plan before implementing file and folder encryption.
Encrypting folders with the Encrypting File System (EFS) is as easy as setting any other folder attribute, such as Hidden or Read-Only. To encrypt a folder, complete the following steps:
In Windows Explorer, right-click the folder and choose Properties.
On the General tab, click Advanced.
Select the Encrypt Contents To Secure Data check box.
Caution | Encrypt entire folders only. If you encrypt individual files but not their folders, a program might create a temporary file (which won’t be encrypted) and then save the file over the original file, thereby leaving the file decrypted. |
Note | Remember that system files, compressed files, and files on partitions other than NTFS can’t be encrypted using EFS. Further, a drive’s root folder cannot be encrypted. |
Like other files, encrypted files can be moved and copied with the Edit menu commands Cut, Copy, and Paste. Files moved or copied using drag-and-drop editing do not necessarily retain their encryption. You can also rename encrypted files as you do any other file. Any files or folders subsequently added to an encrypted folder are encrypted as well.
Caution | Encrypted files and directories are not immune from deletion. Any user with appropriate rights can delete an encrypted file. |
Note | To ensure the security of temporary files that have been created by applications, mark your system’s Temp folder for encryption. |
Encryption Best Practices
Here are some encryption best practices to consider:
Encrypt the My Documents folder of sensitive desktops and laptops.
Encrypt the Temp folders of appropriate user profiles to protect temporary data, or data that was marooned in the Temp folder following a program crash.
If you use spool files while printing, encrypt the Spool folder.
Don’t tamper with the RSA folder; this is the repository for EFS keys.
EFS allows a user to permanently reverse the encryption process. (Any encrypted file is also decrypted whenever a user or application accesses it.)
To decrypt a file or a folder, complete the following steps:
In Windows Explorer, right-click the file or folder and choose Properties.
Select the General tab and click Advanced.
Clear the Encrypt Contents To Secure Data check box.
| < Day Day Up > |
|