| 11 |
| Prevent encryption when copying files to a server |
| With Windows 2000's Encrypting File System (EFS), you can encrypt files for security. EFS installs |
| automatically and hooks into the NTFS file system as a loadable driver. Then, you can encrypt and |
| decrypt files transparently on your system by setting a file attribute. To encrypt or decrypt a local |
| Open the parent folder, right-click the file or folder, and then choose Properties. |
| Click the Advanced tab. Then, on the Advanced Attributes page, click Encrypt Contents To Secure |
| It's possible to copy encrypted files to a server. If the server supports encryption, the copied file is |
| encrypted regardless of the state of the encryption attribute for the target folder or volume. |
| If you need to share encrypted files with others on the network by placing them on a server, you can |
| either share the export and your encryption certificate with the other users or configure the server |
| so it doesn't encrypt the file. |
| The latter option assumes you'll apply the appropriate security measures to prevent unauthorized |
| users. If you choose that option, ensure that the files aren't encrypted when you copy or move them |
| to the server. There are two ways to do this: either define an empty recovery policy or set a registry |
| setting. To configure the recovery policy: |
| Open the Local Security console on the server. |
| Expand the Security Settings | Public Key Policies | Encrypted Data Recovery Agents branch. |
| Export all existing certificates to files and store those files in a secure location. |
| Delete the certificates from this branch. |
| To take the registry approach, open the Registry Editor and delete the value: |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ |
| FileSystem\NtfsEncryptionService. Then, reboot the server. |
| Reminder: Editing the registry can be risky, so be sure you have a verified backup before making |
First Previous Next Last |