Encrypting File System in Server 2008

Posted: August 1, 2011 in Active Directory, Server 2008, System Information
Tags: , ,

The Encrypting File System (EFS) is one feature made possible by reparse points in Windows Server 2008 that enhances security for local files on NTFS volumes. EFS is useful for securing files on any system, but it is most useful on systems that can easily be stolen or physically compromised, such as notebook and tablet PCs. EFS is integrated within NTFS and therefore is applicable only to files on NTFS volumes. FAT16 and FAT32 volumes do not support EFS. Only files can be encrypted; folders cannot, even on NTFS volumes. However, folders are marked to indicate that they contain encrypted data. EFS are designed to protect files locally, and therefore don’t support sharing of encrypted files. You can store your own encrypted files on a remote server and access those files yourself. The data is not encrypted during transmission across the network, however, unless you use Internet Protocol Security (IPsec) to encrypt IP traffic (assuming you are using TCP/IP as the network protocol for transferring the file).

  1. Mike says:

    It’s been said that encrypted files cannot be replicated using DFS Replication… which means a replicated share (which has been replicated/duplicated in the event one source is inaccessible/goes down) is no longer equivalent… what’s the strategy to maintain a replicated copy in this situation?

    • ignitedsoul says:

      No. DFS Replication will not replicate files or folders that are encrypted using the Encrypting File System (EFS). If a user encrypts a file that was previously replicated, DFS Replication deletes the file from all other members of the replication group. This ensures that the only available copy of the file is the encrypted version on the server.

      Setup a server cluster and configuring EFS on the cluster may meet your requirement.

      You can get more Info about Server Cluster here

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s