Encrypting file system

Encrypting file system 
Mitch Tullock

Encrypting file system is a feature in Windows 2000 that allows users to encrypt local files or folders to prevent unauthorized access to those files. You can encrypt an object by right clicking on it in Windows Explorer, selecting properties, and then, under the general tab, selecting advanced and checking Encrypt contents to secure data. The encryption uses public and private keys for encoding and decoding. But there are files you should not encrypt, as this tip, from Mitch Tullock's Windows 2000 Administration in a Nutshell, published by O'Reilly Associates, points out.

Never encrypt files in the system directory where the Windows 2000 Server boot files are located. Since the key for decrypting these files cannot be accessed until the operating system has booted and a user has logged on, Windows 2000 will not be able to start. Of course, Windows 2000 safeguards against this by preventing you from encrypting files that have the System attribute set. But if you have removed the system attribute from these files using the attrib command (perhaps while troubleshooting startup problems) and failed to reset this attribute on the files afterwards, the possibility of encryption then exists.

To learn more about Windows 2000 Administration in a Nutshell, or to buy this book, click here.

Did you like this tip? Like it or not, we want to know, so why not drop us a line to let us know? Or visit our tips page to rate this, and other, tips.

This was first published in March 2001

Dig Deeper on Microsoft Windows 2000 Server Administration



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: