File system security in windows xp?

Microsoft® Windows® XP and Windows Server 2003 provide many enhancements in the area of data protection— especially Encrypting File System (EFS). This article provides a technical walkthrough that illustrates how to use important data recovery and protection features in various Windows platforms. Also included are best practices and the steps needed to build an effective data recovery and protection strategy.


Microsoft® Windows® XP and Windows Server 2003 provide significant advancements in data recovery and protection and private key recovery. Microsoft Windows 2000 introduced the capability for data protection and protected data recovery with the implementation of Encrypting File System (EFS), and this capability has been enhanced in Windows XP and Windows Server 2003.

EFS—in Windows 2000, Windows XP and Windows Server 2003—supports the use of data recovery agents (DRA) to decrypt files that have been encrypted by other users.

This article is intended to assist system architects and administrators in developing best practices for creating data recovery and data protection strategies using Windows XP and Windows Server 2003.

In addition to explaining strategies for data recovery and data protection in Windows XP, this article includes many step-by-step examples that illustrate how to set up the data recovery and data protection features you'll want to use when deploying a Windows XP data recovery and protection solution.

The main topics discussed include:

*

EFS Enhancements in Windows XP and Windows Server 2003
*

Data Recovery Overview
*

Data Recovery Using EFS
*

Data Recovery—Best Practices
*

Data Protection—Best Practices
*

Data Recovery Versus Key Recovery
*

Troubleshooting

Note EFS is not available in Windows XP Home Edition.
Top of page
EFS Enhancements in Windows XP and Windows Server 2003

The increased functionality of EFS has significantly enhanced the power of the Windows XP Professional client. Windows XP Professional now provides additional flexibility for corporate users when deploying security solutions based on encrypted data files and folders. These new features include:

*

Full support for revocation checking on certificates used when sharing encrypted files
*

Support for EFS with Windows Server 2003 clusters
*

Alternate color support (green) for encrypted files to easily locate and verify protected files
*

Support for encrypted offline folders in Windows XP
*

Multi-user support for encrypted files in the shell user interface (UI)
*

Support for Microsoft Enhanced and Strong cryptographic service providers (CSPs)
*

Additional support for enhanced algorithm options and strengths
*

End-to-end encryption using EFS over WebDAV
*

Enhanced recovery policy flexibility
*

Performance and reliability enhancements
*

Additional security features for protecting EFS data


Read the article What's New in Security for Windows XP to learn more about EFS enhancements in Windows XP— http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/xpsec.m spx.

XP offers great security through EFS. Just right click the file you want to encrypt then choose properites. Press the advanced button and tick the encrypt contents box.