EFS is enabled for documents in Windows 2000 through an optional advanced file attribute. To implement this feature, follow these steps:
- In Windows Explorer, create a new folder named SecureTest in the root folder for your Web site.
- In the new folder, save the following Active Server Pages (ASP) code as Default.asp:
You are logged on as:
- Right-click the Default.asp file and then click Properties.
- Click Advanced.
- Select the Encrypt contents to secure data check box.
- Click OK.
- If you are prompted to encrypt the parent folder, select the Encrypt the file only radio button and then click OK.
- Click OK again to return to Windows Explorer.
The following is a list of best practices regarding EFS:
- Protect the private keys associated with data recovery certificates. Export them into a Personal Information Exchange (.pfx) file protected with a strong password. Store .pfx files on a floppy disk, and lock the floppy disk away for safekeeping.
- Encrypt folders rather than individual files. Explorer only allows encryption at the folder level. However, the Cipher.exe file can encrypt individual files. Applications work on files in various ways. For example, when a user edits a file with an application, the application may create temporary files in the same folder as the original. Encrypting at the folder level ensures that these temporary files are not created or saved as plain text.
- Encrypt the My Documents folder (%UserProfile%\My Documents) to ensure that the personal folder, in which most Microsoft Office documents are saved, is encrypted by default.
- Encrypt the Temp folder (%TEMP%) to ensure that the temporary files that are created by various applications are encrypted.
Article ID: 243756 - Last Review: Jun 19, 2014 - Revision: 1