New Training: Manage Windows Security

In this 8-video skill, CBT Nuggets trainer James Conrad shows you how to secure file and folder resources using share and NTFS permissions. Learn how to configure and manage local and group policy objects. Watch this new Windows 10 training.

Watch this full course: Microsoft Windows 10

This training includes:

• 8 videos

• 57 minutes of training

You’ll learn these topics in this skill:

• Configure User Account Control

• Configure Windows Defender Firewall

• Windows Defender Firewall Command Line

• Introduction to Encrypting File System

• Configure a Domain Data Recovery Agent for EFS

• Configure a Local Data Recovery Agent for EFS

• BitLocker Overview

• BitLocker Lab

What is the Encrypting File System (EFS)?

The Encrypting File System (EFS) is a Windows feature that provides filesystem-level encryption. Introduced in version 3 of NTFS (New Technology File System), EFS transparently encrypts files so that they are protected, even from an attacker who has physical access to a drive. EFS has been available in all versions of Windows since Windows 2000, except for the Home versions of the operating system.

Users generally enable EFS on a per-file, or per-directory basis. It works by using both public key cryptography and symmetric key cryptography. While EFS is effective, its keys are protected by user account login. So, if the account becomes compromised, so do the keys. Though, beginning with Windows Vista, users have had the option of storing their keys on smart cards.

Originally, EFS was only supported on NTFS drives. But, in Windows 10 and Windows Server 2016, a very similar (but different) encryption technology was added for FAT and exFAT drives. From the user perspective on these file systems, you encrypt and decrypt files exactly the same way as you do with EFS.