| 51 |
| Disable EFS to make your documents more secure |
| The Encrypting File System (EFS) provides another layer of security for your documents. Even |
| though it's very useful, you have to be aware of two important issues. |
| First, EFS-encrypted files are transferred between computers in unencrypted form. To secure files |
| during network transfer, you must use some other technology like IPSec. Second, other potential |
| problems are private keys and recovery agents. To efficiently use EFS, you need a good recovery |
| Most of the time, you'll let users decide if they want to use EFS. However, you have the ability to |
| disable EFS if you want. The funny thing about disabling EFS is that there isn't a "Disable EFS" |
| setting. Basically, you disable EFS by removing the recovery agent. If no recovery agents are |
| defined, Windows 2000 computers prevent users from using EFS. |
| If you have a Windows 2000 domain, open Active Directory Users And Computers. |
| Right-click the domain and select Properties. |
| On the Group Policy tab, select Default Domain Policy and click Edit. |
| Go to Computer Configuration | Windows Settings | Security Settings | Public Key Policies | |
| Encrypted Data Recovery Agents. |
| If there are any certificates, delete them. |
| Right-click Encrypted Data Recovery Agents, click Delete Policy, and then click Yes. |
| Right-click Encrypted Data Recovery Agents and click on Initialize Empty Policy. |
First Previous Next Last |