Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Encrypting File System
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==New features available by Windows version== ;Windows XP * Encryption of the Client-Side Cache ([[Offline Files]] database) * Protection of [[Data protection API|DPAPI]] Master Key backup using domain-wide public key * Autoenrollment of user certificates (including EFS certificates) * Multiple-user (shared) access to encrypted files (on a file-by-file basis) and revocation checking on certificates used when sharing encrypted files * Encrypted files can be shown in an alternative color (green by default) * No requirement for mandatory ''Recovery Agent'' * Warning when files may be getting silently decrypted when moving to an unsupported file system * Password reset disk * EFS over WebDAV and remote encryption for servers delegated in [[Active Directory]] ; Windows XP SP1 * Support for and default use of AES-256 symmetric encryption algorithm for all EFS-encrypted files ;Windows XP SP2 + KB [http://support.microsoft.com/kb/912761 912761] * Prevent enrollment of self-signed EFS certificates ; Windows Server 2003 * Digital Identity Management Service * Enforcement of RSAKeyLength setting for enforcing a minimum key length when enrolling self-signed EFS certificates ; Windows Vista<ref>{{cite web|url=http://download.microsoft.com/download/e/b/a/ebafefc9-4b64-4816-8778-9fb33c8c43d9/31_Rights_Management_og_Encrypting_File_Systems.pdf |title=Windows Vista Session 31: Rights Management Services and Encrypting File System |author=Kim Mikkelsen |date=2006-09-05 |access-date=2007-10-02 |work=presentation |publisher=Microsoft }}{{dead link|date=June 2016|bot=medic}}{{cbignore|bot=medic}}</ref> and Windows Server 2008<ref>{{cite web |url=http://technet2.microsoft.com/windowsserver2008/en/library/69f04dd7-bced-4079-84e9-095b8dc563991033.mspx?mfr=true |archive-url=http://webarchive.loc.gov/all/20140120172913/http://technet2.microsoft.com/windowsserver2008/en/library/69f04dd7-bced-4079-84e9-095b8dc563991033.mspx?mfr=true |url-status=dead |archive-date=2014-01-20 |title=Encrypting File System |date=2007-04-30 |access-date=2007-11-06 |work=documentation |publisher=Microsoft }}</ref><ref name="Microsoft">{{cite web |url=http://technet2.microsoft.com/windowsserver2008/en/library/f843023b-bedd-40dd-9e5b-f1619eebf7821033.mspx?mfr=true |title=Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008: Encrypting File System |date=2007-09-01 |access-date=2007-11-06 |work=documentation |publisher=Microsoft |url-status=dead |archive-url=https://web.archive.org/web/20080325134925/http://technet2.microsoft.com/windowsserver2008/en/library/f843023b-bedd-40dd-9e5b-f1619eebf7821033.mspx?mfr=true |archive-date=2008-03-25 }}</ref> * Per-user encryption of Client-Side Cache (Offline Files) * Support for storing (user or DRA) RSA private keys on a PC/SC smart card * EFS Re-Key Wizard * EFS Key backup prompts * Support for deriving [[Data protection API|DPAPI]] Master Key from PC/SC smart card * Support for encryption of pagefile.sys * Protection of EFS-related secrets using [[BitLocker]] (Enterprise or Ultimate edition of Windows Vista)<ref>{{cite web |url=http://download.microsoft.com/documents/uk/msdn/events/Windows_Vista_Security_WP.doc |title=Microsoft Windows Vista Security Enhancements |author=Scott Field |date=June 2006 |access-date=2007-06-14 |work=whitepaper |publisher=Microsoft |format=DOC}}</ref><ref>{{cite web |url=http://www.freepatentsonline.com/20060271697.html |title=Data Communication Protocol |author=Microsoft Corporation |date=2006-11-30 |access-date=2007-06-14 |work=patent |publisher=Microsoft }}</ref> * Group Policy controls to enforce ** Encryption of Documents folder ** Offline files encryption ** Indexing of encrypted files ** Requiring smart card for EFS ** Creating a caching-capable user key from smart card ** Displaying a key backup notification when a user key is created or changed ** Specifying the certificate template used for enrolling EFS certificates automatically ; Windows Server 2008<ref name="Microsoft"/> * EFS self-signed certificates enrolled on the Windows Server 2008 server will default to 2048-bit RSA key length * All EFS templates (user and data recovery agent certificates) default to 2048-bit RSA key length ;Windows 7 and Windows Server 2008 R2<ref>{{cite web |url=https://technet.microsoft.com/en-us/library/dd630631.aspx |title=Changes in EFS |publisher = Microsoft TechNet |access-date=2009-05-02 }}</ref> *[[Elliptic Curve Cryptography|Elliptic-curve cryptographic algorithm]]s (ECC). Windows 7 supports a mixed mode operation of ECC and RSA algorithms for backward compatibility *EFS self-signed certificates, when using ECC, will use 256-bit key by default. *EFS can be configured to use 1K/2k/4k/8k/16k-bit keys when using self-signed RSA certificates, or 256/384/521<!-- This is not typo. 521 is correct. Not 512. -->-bit keys when using ECC certificates. ;Windows 10 version 1607 and Windows Server 2016 * Add EFS support on FAT and exFAT.<ref>{{cite web |url=https://msdn.microsoft.com/en-us/library/cc232128.aspx |title=[MS-FSCC]: Appendix B: Product Behavior |publisher = Microsoft |quote = Support for FAT and EXFAT was added in Windows 10 v1607 operating system and Windows Server 2016 and subsequent. |date = 2017-09-15 <!-- Date from https://msdn.microsoft.com/en-us/library/cc231987.aspx --> |access-date = 2017-10-02 }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)