
= Using a Certificate Authority for the Encrypting File Service =

Article ID: 223338

Article Last Modified on 10/26/2007


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition




This article was previously published under Q223338



SUMMARY
The Encrypting File System (EFS) is a feature of Windows 2000 that allows users to encrypt data directly on volumes that use the NTFS file system. It operates by using certificates based on the X.509 standard. If no Certificate Authority (CA) is available from which to request certificates, the EFS subsystem automatically generates its own self-signed certificates for users and default recovery agents.

There are several circumstances in which an organization may want to implement Certificate Authorities, as opposed to allowing EFS to generate its own self-signed certificates.
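To see which case applies to an existing profile, the following added example (not part of the original article or any Microsoft tooling) lists the EFS and File Recovery certificates in a certificate store and marks each as self-issued or CA-issued. It assumes a Windows release with PowerShell 3.0 or later and the `Cert:` provider; the function name `Get-EfsCertificateReport` is hypothetical.

```powershell
# Added example: inventory EFS-related certificates and report whether each
# one is self-issued (generated by EFS itself) or issued by a CA.
# Assumption: PowerShell 3.0+ with the Cert: provider.

$EfsOid      = '1.3.6.1.4.1.311.10.3.4'    # Encrypting File System EKU
$RecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'  # File Recovery EKU

function Get-EfsCertificateReport {
    param(
        # Store to inspect; defaults to the current user's personal store.
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Collect every Enhanced Key Usage OID carried by this certificate.
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        $purpose = $null
        if ($ekuOids -contains $RecoveryOid) { $purpose = 'File Recovery' }
        elseif ($ekuOids -contains $EfsOid)  { $purpose = 'EFS' }

        if ($purpose) {
            [pscustomobject]@{
                Purpose    = $purpose
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                # Name comparison only: identical subject and issuer means the
                # certificate is self-issued. The signature is not verified here.
                SelfIssued = ($cert.Subject -eq $cert.Issuer)
                NotAfter   = $cert.NotAfter
                Expired    = ($cert.NotAfter -lt (Get-Date))
                Thumbprint = $cert.Thumbprint
            }
        }
    }
}

Get-EfsCertificateReport | Format-Table -AutoSize
```

Rows with `SelfIssued` set to `True` are certificates that were not issued by a Certificate Authority, so their lifetime and revocation are outside central control.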



MORE INFORMATION
The following are some reasons why an organization might want to use a Certificate Authority for EFS certificate generation:
 * More flexible EFS recovery management. With a Certificate Authority infrastructure, it is possible for an organization to issue specific recovery certificates for dedicated recovery computers, rather than to domain controllers.
 * Centralized certificate management. Administrators can control the lifetime of issued EFS certificates, and can publish certificate revocation lists to control how long recovery certificates are valid.
 * Scalability. Certificate Authorities can be distributed throughout an organization, providing their own set of templates that define the types of certificates that can be issued at each level.

For additional information about EFS, see "Step-by-Step Guide to Encrypting File System (EFS)" on the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/dataprot/w2kadm21.mspx

Keywords: kbproductlink kbenv kbinfo KB223338


© Microsoft Corporation. All rights reserved.