EFS can encrypt and decrypt individual files or folders and their contents. Encryption can be configured to use certificates that have been provided by a CA, or to use self-signed certificates. When EFS is used on a standalone computer, or one that is a member of a workgroup, it defaults to self-signed certificates and automatically generates the certificates when a user encrypts a file. Local Security Policy is a subset of Group Policy settings that are applicable to the local computer. When a computer is a member of a domain, any conflicting settings from a GPO override the settings that are contained in Local Security Policy. You can configure Password Policy, Account Lockout Policy, Software Restrictions, IP Security Policies, and Local Policies in the Local Security Policy console. Additional security settings can be created for the Registry, File System, and Restricted Groups when you create a custom security template. To import these security settings, you use the Security Configuration and Analysis tool. Internet Explorer organizes its security settings in the Internet Options dialog box. You can create different security settings for the various Internet zones. The Advanced tab contains additional security settings. EFS, Local Security Policy, and Internet Explorer's Security settings are three tools that you can use to manage the way that data on a Windows XP Professional computer is secured. |