Encrypting File System NTFS

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

On This Page

An Overview of the Encrypting File System
What EFS Is
Basic How-tos
Planning for and Recovering Encrypted Files: Recovery Policy
How EFS Works
Key Differences Between EFS on Windows 2000, Windows XP, and Windows Server 2003
Misuse and Abuse of EFS and How to Avoid Data Loss or Exposure
Remote Storage of Encrypted Files Using SMB File Shares and WebDAV
Best Practices for SOHO and Small Businesses
Enterprise How-tos
Troubleshooting
Radical EFS: Using EFS to Encrypt Databases and Using EFS with Other Microsoft Products
Disaster Recovery
Overviews and Larger Articles
Summary

An Overview of the Encrypting File System

The Encrypting File System (EFS) is a component of the NTFS file system on Windows 2000, Windows XP Professional, and Windows Server 2003. (Windows XP Home doesn't include EFS.) EFS enables transparent encryption and decryption of files by using advanced, standard cryptographic algorithms. Any individual or program that doesn't possess the appropriate cryptographic key cannot read the encrypted data. Encrypted files can be protected even from those who gain physical possession of the computer that the files reside on. Even persons who are authorized to access the computer and its file system cannot view the data. While other defensive strategies should be used, and encryption isn't the correct countermeasure for every threat, encryption is a powerful addition to any defensive strategy. EFS is the built-in file encryption tool for Windows file systems.
However, every defensive weapon, if used incorrectly, carries the potential for harm. EFS must be understood, implemented appropriately, and managed effectively to ensure that your experience, the experience of those to whom you provide support, and the data you wish to protect aren't harmed. This document will

• Provide an overview and pointers to resources on EFS.
• Point to implementation strategies and best practices.
• Name the dangers and counsel mitigation and prevention from harm.

Many online and published resources on EFS exist. The major sources of information are the Microsoft resource kits, product documentation, white papers, and Knowledge Base articles. This paper provides a brief overview of major EFS issues. Wherever possible, it doesn't rework existing documentation; rather, it provides links to the best resources. In short, it maps the list of desired knowledge and instruction to the actual documents where they can be found. In addition, the paper catalogs the key elements of large documents so that you'll be able to find the information you need without having to work your way through hundreds of pages of information each time you have a new question.
The paper discusses the following key EFS knowledge areas:

• What EFS is
• Basic how-tos, such as how to encrypt and decrypt files, recover encrypted files, archive keys, manage certificates, and back up files, and how to disable EFS
• How EFS works and EFS architecture and algorithms
• Key differences between EFS on Windows 2000, Windows XP, and Windows Server 2003
• Misuse and abuse of EFS and how to avoid data loss or exposure
• Remote storage of encrypted files using SMB file shares and WebDAV
• Best practices for SOHO and small businesses
• Enterprise how-tos: how to implement data recovery strategies with PKI and how to implement key recovery with PKI
• Troubleshooting
• Radical EFS: using EFS to encrypt databases and using EFS with other Microsoft products
• Disaster recovery
• Where to download EFS-specific tools

Using EFS requires only a few simple bits of knowledge. However, using EFS without knowledge of best practices and without understanding recovery processes can give you a mistaken sense of security, as your files might not be encrypted when you think they are, or you might enable unauthorized access by having a weak password or having made the password available to others. It might also result in a loss of data, if proper recovery steps aren't taken. Therefore, before using EFS you should read the information links in the section "Misuse and Abuse of EFS and How to Avoid Data Loss or Exposure." The knowledge in this section warns you where lack of proper recovery operations or misunderstanding can cause your data to be unnecessarily exposed. To implement a secure and recoverable EFS policy, you should have a more comprehensive understanding of EFS.

Top Of Page

What EFS Is

You can use EFS to encrypt files stored in the file system of Windows 2000, Windows XP Professional, and Windows Server 2003 computers. EFS isn't designed to protect data while it's transferred from one system to another. EFS uses symmetric (one key is used to encrypt the files) and asymmetric (two keys are used to protect the encryption key) cryptography. An excellent primer on cryptography is available in the Windows 2000 Resource Kit as is an introduction to Certificate Services. Understanding both of these topics will assist you in understanding EFS.
A solid overview of EFS and a comprehensive collection of information on EFS in Windows 2000 are published in the Distributed Systems Guide of the Windows 2000 Server Resource Kit. This information, most of which resides in Chapter 15 of that guide, is published online at http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/default.mspx. (On this site's page, use the TOC to go to the Distributed Systems Guide, Distributed Security, Encrypting File System.)
There are differences between EFS in Windows 2000, Windows XP Professional, and Windows Server 2003. The Windows XP Professional Resource Kit explains the differences between Windows 2000 and Windows XP Professionals implementation of EFS, and the document "Encrypting File System in Windows XP and Windows Server 2003" (http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx) details Windows XP and Windows Server 2003 modifications. The section below, "Key Differences between EFS on Windows 2000, Windows XP, and Windows Server 2003," summarizes these differences.
The following are important basic facts about EFS:

• EFS encryption doesn't occur at the application level but rather at the file-system level; therefore, the encryption and decryption process is transparent to the user and to the application. If a folder is marked for encryption, every file created in or moved to the folder will be encrypted. Applications don't have to understand EFS or manage EFS-encrypted files any differently than unencrypted files. If a user attempts to open a file and possesses the key to do so, the file opens without additional effort on the user's part. If the user doesn't possess the key, they receive an "Access denied" error message.
• File encryption uses a symmetric key, which is then itself encrypted with the public key of a public key encryption pair. The related private key must be available in order for the file to be decrypted. This key pair is bound to a user identity and made available to the user who has possession of the user ID and password. If the private key is damaged or missing, even the user that encrypted the file cannot decrypt it. If a recovery agent exists, then the file may be recoverable. If key archival has been implemented, then the key may be recovered, and the file decrypted. If not, the file may be lost. EFS is an excellent file encryption system—there is no "back door."
• File encryption keys can be archived (e.g. exported to a floppy disk) and kept in a safe place to ensure recovery should keys become damaged.
• EFS keys are protected by the user's password. Any user who can obtain the user ID and password can log on as that user and decrypt that user's files. Therefore, a strong password policy as well as strong user education must be a component of each organization's security practices to ensure the protection of EFS-encrypted files.
• EFS-encrypted files don't remain encrypted during transport if saved to or opened from a folder on a remote server. The file is decrypted, traverses the network in plaintext, and, if saved to a folder on the local drive that's marked for encryption, is encrypted locally. EFS-encrypted files can remain encrypted while traversing the network if they're being saved to a Web folder using WebDAV. This method of remote storage isn't available for Windows 2000.
• EFS uses FIPS 140-evaluated Microsoft Cryptographic Service Providers (CSP—components which contain encryption algorithms for Microsoft products).

Top Of Page

Basic How-tos

How to Encrypt and Decrypt Files, Recover Encrypted Files, Archive Keys, Manage Certificates, Back Up Files; and Disable EFS

EFS functionality is straightforward, and you can find step-by-step instructions in many documents online. Links to specific articles for each possible EFS function, as well as some documents which summarize multiple functionality, follow. If the document is a Knowledge Base article, the Knowledge Base number appears in parentheses after the article title.
Encrypting and Decrypting
The process of encrypting and decrypting files is very straightforward, but its important to decide what to encrypt and to note differences in EFS based on the operating system.

• "Encrypting Files in Windows 2000" (222054) explains setting folder encryption. Remember, once a folder is marked for encryption, it isn't necessary to manually mark for encryption the files placed within it.
• "HOW TO: Encrypt a File in Windows XP" (307877) includes error messages and warnings that a user may get when attempting to open files encrypted by another.
• Folders aren't encrypted; however, setting the folder property to "encrypt" does mean that all files placed in the folder will be automatically encrypted "HOW TO: Encrypt a Folder in Windows XP" (308989) tells how to set the property.
• "HOW TO: Remove File Encryption in Windows XP" (308993) tells how to decrypt a file by removing the file encryption property.

Sharing Encrypted Files
The GUI for sharing encrypted files is available only in Windows XP and Windows Server 2003.

• "HOW TO: Share Access to an Encrypted File in Windows XP" (308991) introduces the methodology by which encrypted files can be shared. You can find a short description, including screen shots, in the "5-Minute Security Advisor—Using the Encrypting File System." Remember: sharing encrypted files is a facility that only Windows XP and Windows Server 2003 have.

Top Of Page

Planning for and Recovering Encrypted Files: Recovery Policy

A recovery policy can be an organization's security policy instituted to plan for proper recovery of encrypted files. It's also the policy enforced by Local Security Policy Public Key Policy or Group Policy Public Key Policy. In the latter, the recovery policy specifies how encrypted files may be recovered should the user private key be damaged or lost and the encrypted file unharmed. Recovery certificate(s) are specified in the policy. Recovery can be either data recovery (Windows 2000, Windows XP Professional, and Windows Server 2003) or key recovery (Windows Server 2003 with Certificate Services). Windows 2000 EFS requires the presence of a recovery agent (no recovery agent, no file encryption), but Windows XP and Windows Server 2003 don't. By default, Windows 2000 and Windows Server 2003 have default recovery agents assigned. Windows XP Professional doesn't.
The data recovery process is simple. The user account bound to the recovery agent certificate is used to decrypt the file. The file should then be delivered in a secure manner to the file owner, who may then encrypt the file. Recovery via automatically archived keys is available only with Windows Server 2003 Certificate Services. Additional configuration beyond the installation of Certificate Services is required. In either case, it's most important that a written policy and procedures for recovery are in place. These procedures, if well written and if followed, can ensure that recovery keys and agents are available for use and that recovery is securely carried out. Keep in mind that there are two definitions for "recovery policy." The first definition refers to a written recovery policy and procedures that describe the who, what, where, and when of recovery, as well as what steps should be taken to ensure recovery components are available. The second definition, which is often referred to in the documents below, is the Public Key Policy that's part of the Local Security Policy on stand-alone systems, or Group Policy in a domain. It can specify which certificates are used for recovery, as well as other aspects of Public Key Policies in the domain. You can find more information in the following documents:

• Windows XP and Windows Server 2003 documentation includes steps "To Add a Recovery Agent for a Domain."
• A "Five-Minute Security Advisor—Recovering Encrypted Data Using EFS" explains the importance of backing up encrypted files and EFS keys as well as the basics of recovery.
• "HOW TO: Back Up the Recovery Agent Encrypting File System Private Key in Windows 2000" (241201) explains how archiving the private key of the recovery agent ensures that it will be available to recover EFS files that are protected by it.
• User and recovery agent private keys should be archived.
• If the recovery private key is corrupt or lost, you can create a new Enterprise Data Recovery Policy in Windows 2000. Use the article "HOW TO: Reinitialize the EDRP on a Workgroup Computer Running Windows 2000" (257705) to do so. However, you should realize that this won't allow you to recover previously encrypted files. If a backup of the previous recovery agent certificate and private key is available, those keys should be used. If a new policy is implemented, currently encrypted files should be decrypted and re-encrypted so that the new recovery agent certificate can be used and thus the files will be recoverable.
• Information on the existence of a recovery agent under the control of an administrator is mentioned in" Methods for Recovering Encrypted Data Files"(255742).
• Instructions on using Ntbackup to back up encrypted files, as well as information on system configuration and how to use Ntbackup to restore these files, are discussed in "HOW TO: Use Ntbackup to Recover an Encrypted File or Folder in Windows 2000" (313277).
• The first step in recovery is determining the recovery agent. "Using Efsinfo.exe to Determine Information About Encrypted Files" (243026) describes how to do this using the Windows 2000 Resource Kit tool, esfinfo.exe. The Advanced file properties of encrypted files in Windows XP and Windows Server 2003 display this information automatically.
• "The Local Administrator Is Not Always the Default Encrypting File System Recovery Agent" (255026) explains why the first account defined (during installation) in a Windows 2000 Professional computer becomes the recovery agent.

Disabling or Preventing Encryption
You may decide that you don't wish users to have the ability to encrypt files. By default, they do. You may decide that specific folders shouldn't contain encrypted files. You may also decide to disable EFS until you can implement a sound EFS policy and train users in proper procedures. There are different ways of disabling EFS depending on the operating system and the desired effect:

• System folders cannot be marked for encryption. EFS keys aren't available during the boot process; thus, if system files were encrypted, the system file couldn't boot. To prevent other folders being marked for encryption, you can mark them as system folders. If this isn't possible, then a method to prevent encryption within a folder is defined in "Encrypting File System."
• NT 4.0 doesn't have the ability to use EFS. If you need to disable EFS for Windows 2000 computers joined to a Windows NT 4.0 domain, see "Need to Turn Off EFS on a Windows 2000-Based Computer in Windows NT 4.0-Based Domain" (288579). The registry key mentioned can also be used to disable EFS in Window XP Professional and Windows Server 2003.
• Disabling EFS for Windows XP Professional can also be done by clearing the checkbox for the property page of the Local Security Policy Public Key Policy. EFS can be disabled in XP and Windows Server 2003 computers joined in a Windows Server 2003 domain by clearing the checkbox for the property pages of the domain or organizational unit (OU) Group Policy Public Key Policy.
• "HOW TO: Disable/Enable EFS on a Stand-Alone Windows 2000-Based Computer" (243035) details how to save the recovery agent's certificate and keys when disabling EFS so that you can enable EFS at a future date.
• "HOW TO: Disable EFS for All Computers in a Windows 2000-Based Domain" (222022) provides the best instruction set and clearly defines the difference between deleted domain policy (an OU-based policy or Local Security Policy can exist) versus Initialize Empty Policy (no Windows 2000 EFS encryption is possible throughout the domain).

Special Operations
Let enough people look at anything, and you'll find there are questions that are just not answered by existing documentation or options. A number of these issues, third-party considerations, and post introduction issues can be resolved by reviewing the following articles.

• Specifications for the use of a third-party Certification Authority (CA) can be found at "Third-Party Certification Authority Support for Encrypting File System" (273856). If you wish to use third-party CA certificates for EFS, you should also investigate certificate revocation processing. Windows 2000 EFS certificates aren't checked for revocation. Windows XP and Windows Server 2003 EFS certificates are checked for revocation in some cases, and third-party certificates may be rejected. Information about certificate revocation handling in EFS can be found in the white paper "Encrypting File System in Windows XP and Windows Server 2003".
• When an existing plaintext file is marked for encryption, it's first copied to a temporary file. When the process is complete, the temporary file is marked for deletion, which means portions of the original file may remain on the disk and could potentially be accessible via a disk editor. These bits of data, referred to as data shreds or remanence, may be permanently removed by using a revised version of the cipher.exe tool. The tool is part of Service Pack 3 (SP3) for Windows 2000 and is included in Windows Server 2003. Instructions for using the tool, along with the location of a downloadable version, can be found in "HOW TO: Use Cipher.exe to Overwrite Deleted Data in Windows" (315672) and in "Cipher.exe Security Tool for the Encrypting File System" (298009).
• How to make encrypted files display in green in Windows Explorer is explained in "HOW TO: Identify Encrypted Files in Windows XP" (320166).
• "How to Enable the Encryption Command on the Shortcut Menu" (241121) provides a registry key to modify for this purpose.
• You may wish to protect printer spool files or hard copies of encrypted files while they're printing. Encryption is transparent to the printing process. If you have the right (possess the key) to decrypt the file and a method exists for printing files, the file will print. However, two issues should concern you. First, if the file is sensitive enough to encrypt, how will you protect the printed copy? Second, the spool file resides in the \system32\Spool\Printers folder. How can you protect it while its there? You could encrypt that folder, but that would slow printing enormously. The Windows 2000 Resource Kit proposes a separate printer for the printing of these files and how to best secure that printer in the Distributed Systems, Distributed Security, Encrypting Files System, Printing EFS Files section.