Working with EFS

Infineon Security Platform

Infineon Security Platform Solution

Working with the Encrypting File System

There are just a few topics that have to be taken into consideration when working with EFS. Some of them are of interest for system administrators only, since they are important when EFS is set up.

Administrative Considerations

  • Only files and folders on NTFS volumes can be encrypted
    Generally, this will not be a restriction, as NTFS is highly recommended as the standard file system when Windows 2000 or XP is used. Many features not connected to the Security Platform Solution are also based on NTFS.

  • A FAT volume breaks the encryption in any case
    Whenever an encrypted file is stored on a FAT volume, the protection no longer exists. This applies especially to floppy disks, which are typically used to transfer small files. Multi-partitioned hard disks can also be a weak point if one of the partitions is a FAT volume and this volume is used for file storage (even if only for temporary storage).

  • System files and compressed files cannot be encrypted
    The installation folder of Windows as well as some files in the root folder of the boot partition cannot be protected by the EFS mechanism. This does not break the security at all, as the operating system itself protects the core system files with special mechanisms that cannot be turned off. Additional information on this topic can be found in the frequently asked questions.

  • Temporary files are also a matter of interest for potential attackers
    To prevent a leak in the data security structure, temporary folders and files also have to be encrypted. Most applications use the standard folders for storage of temporary files. Encrypting these folders enhances the security level of a system considerably. The use of a common temporary folder for all users is not recommended, as this requires additional administrative management.

User Considerations

Users working with encrypted files and folders should keep the following information and recommendations in mind.

  • Encryption is easy to configure. More detailed information is available in the Microsoft EFS Help.

  • Only the user who encrypted the file can open it. Additional access for other users is possible and must be granted manually on a file-by-file basis.

  • Users must use copy and paste to retain encryption when moving files into an encrypted folder. Files moved with a drag-and-drop operation are not automatically encrypted in the new folder.

  • If EFS is wanted on remote computers, this functionality must be manually configured on the remote computer.

  • Users should encrypt the My Documents folder if this is where they save most of their documents. This ensures that their personal documents are encrypted by default.

The listed topics are a rough overview of how to work with EFS. More detailed information is available in the Microsoft EFS Help. To find it in Microsoft Help, minimize all currently open windows to view the Windows Desktop, then press F1 and search for the appropriate keyword.

Some technical aspects of EFS are covered in the troubleshooting.

Note: EFS is not supported in Windows Home editions.
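
A read-only check for the considerations listed above (non-NTFS volumes, and whether the temporary folders and My Documents carry the EFS attribute). This is an added example, not part of the Infineon documentation; it assumes Windows PowerShell 3.0 or later, and the function names are hypothetical.

```powershell
# Added example (not from the original page). Reads attributes only; changes nothing.

function Get-NonNtfsVolume {
    # Ready fixed or removable volumes that are not NTFS: files stored there lose EFS protection.
    [System.IO.DriveInfo]::GetDrives() |
        Where-Object {
            $_.IsReady -and
            ('Fixed', 'Removable') -contains [string]$_.DriveType -and
            $_.DriveFormat -ne 'NTFS'
        } |
        Select-Object Name, DriveType, DriveFormat
}

function Get-EfsFolderStatus {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not $p -or -not (Test-Path -LiteralPath $p)) { continue }
        $full = (Resolve-Path -LiteralPath $p).ProviderPath
        # DriveInfo cannot describe UNC roots (e.g. a redirected My Documents): report 'unknown'.
        try   { $fs = (New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($full))).DriveFormat }
        catch { $fs = 'unknown' }
        $attrs = [System.IO.File]::GetAttributes($full)
        [pscustomobject]@{
            Path       = $full
            FileSystem = $fs
            # Attribute of the folder itself: new files created in it inherit encryption.
            Encrypted  = (($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0)
        }
    }
}

# Folders picked for this example (an assumption): the current user's temporary
# folders and My Documents, as recommended in the lists above.
$folders = @($env:TEMP, $env:TMP, [Environment]::GetFolderPath('MyDocuments')) |
    Select-Object -Unique

'Volumes where EFS protection does not apply:'
Get-NonNtfsVolume | Format-Table -AutoSize

'Encryption attribute on temporary and document folders:'
Get-EfsFolderStatus -Path $folders | Format-Table -AutoSize
```

A folder reported as encrypted only guarantees that files created in it afterwards are encrypted; files that were already there before the attribute was set have to be checked individually.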


©Infineon Technologies AG