Article

Disable EFS

Roberta Bragg

Get a glimpse inside Roberta Bragg's new book "Hardening Windows systems" with this series of book excerpts. This excerpt from Chapter 1, "An immediate call to action," explains why you should disable EFS if you don't have a policy in place to manage it. Click for the

Requires Free Membership to View

complete book excerpt series or purchase the book.


Disable EFS

Unless you have implemented a policy for the management of EFS that includes recovery procedures and key backup, disable EFS. EFS is enabled by default, but not turned on. Accordingly, it is easy for users to use the service to encrypt files without understanding how to protect themselves from data loss. EFS can be disabled in Group Policy. The local group policy, created by using the group policy snap-in and selecting the local computer, can be used to disable EFS on a single computer, while a domainbased Group Policy can be used to disable EFS for an entire domain.

    To disable EFS:
    1. Open the default domain GPO.
    2. For a Windows Server 2003 domain:
      a. Right-click the Public Key Policies, Encryption File System policy.
      b. Right-click the Encrypting Files System folder and select Properties.
      c. Select to uncheck the Allow Users to Encrypt Files Using Encrypting File System (EFS).

    3. For a Windows 2000 domain:
      a. Right-click the Public Key Policies, Encrypted Data Recovery node.
      b. In the details pane, right-click the certificate designated for File Recovery and select Delete.
      c. Right-click the Encrypting Data Recovery Agents folder and select Delete Policy.

More information on how best to manage EFS is included in Chapter 10.

Click for the next excerpt in this series: Ban wireless networks that don't meet tough security policy requirements.


Click for book details or purchase the book.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: