Encrypting Sensitive Data

 < Day Day Up > 



It’s deceptively simple to encrypt and decrypt files in Windows Small Business Server. Of course, anything that’s sensitive enough to be encrypted should be treated very carefully, so take time to plan before implementing file and folder encryption.

Encrypting Folders

Encrypting folders with the Encrypting File System (EFS) is as easy as setting any other folder attribute, such as Hidden or Read-Only. To encrypt a folder, complete the following steps:

  1. In Windows Explorer, right-click the folder and choose Properties.

  2. On the General tab, click Advanced.

  3. Select the Encrypt Contents To Secure Data check box.

Caution 

Encrypt entire folders only. If you encrypt individual files but not their folders, a program might create a temporary file (which won’t be encrypted) and then save the file over the original file, thereby leaving the file decrypted.

Note 

Remember that system files, compressed files, and files on partitions other than NTFS can’t be encrypted using EFS. Further, a drive’s root folder cannot be encrypted.

Like other files, encrypted files can be moved and copied with the Edit menu commands Cut, Copy, and Paste. Files moved or copied using drag-and-drop editing do not necessarily retain their encryption. You can also rename encrypted files as you do any other file. Any files or folders subsequently added to an encrypted folder are encrypted as well.

Caution 

Encrypted files and directories are not immune from deletion. Any user with appropriate rights can delete an encrypted file.

Note 

To ensure the security of temporary files that have been created by applications, mark your system’s Temp folder for encryption.

start sidebar
Real World

Encryption Best Practices

Here are some encryption best practices to consider:

  • Encrypt the My Documents folder of sensitive desktops and laptops.

  • Encrypt the Temp folders of appropriate user profiles to protect temporary data, or data that was marooned in the Temp folder following a program crash.

  • If you use spool files while printing, encrypt the Spool folder.

  • Don’t tamper with the RSA folder; this is the repository for EFS keys.

end sidebar

Decrypting Files and Folders

EFS allows a user to permanently reverse the encryption process. (Any encrypted file is also decrypted whenever a user or application accesses it.)

To decrypt a file or a folder, complete the following steps:

  1. In Windows Explorer, right-click the file or folder and choose Properties.

  2. Select the General tab and click Advanced.

  3. Clear the Encrypt Contents To Secure Data check box.



 < Day Day Up > 



Microsoft Windows Small Business Server 2003 Administrator's Companion
Microsoft Windows Small Business Server 2003 Administrators Companion (Pro-Administrators Companion)
ISBN: 0735620202
EAN: 2147483647
Year: 2004
Pages: 224

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net