Article ID: 320044
Article Last Modified on 10/31/2006
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
This article was previously published under Q320044
IN THIS TASK
SUMMARY
This step-by-step article describes how to use Encrypting File System (EFS) to encrypt files and folders on a remote Windows 2000-based computer.
Use EFS to encrypt your data when you want to protect it from unauthorized access and to prevent it from being read by other users. You can use EFS to encrypt and decrypt files and folders that are located on NTFS volumes on a remote server if the server is trusted for delegation in Active Directory. To remotely encrypt and decrypt files and folders, your certificate and private key must be stored on the server. The server uses Kerberos delegation to access this information.
Note that when you set encryption for a folder, EFS automatically encrypts all new files and subfolders that you create in that folder.
back to the top
How to Encrypt Files and Folders on a Remote Server
- Connect to the server that contains the files or folders that you want to encrypt.
- Right-click the file or folder that you want to encrypt, and then click Properties.
- On the General tab, click Advanced.
- Click to select the Encrypt contents to secure data check box, click OK, and then click OK.
Note that if you encrypt a folder, you are prompted to confirm how you want to apply the attributes. Click either of the following options, and then click OK:
- Apply to this folder only
- Apply changes to this folder, subfolders and files
- Repeat steps 2 through 4 for each file or folder that you want to encrypt.
NOTE: The data is encrypted when it is stored on disk, not when it is sent across the network. When you open an encrypted file over the network, the data that is transferred over the network is not encrypted. You must use a network protocol such as Secure Sockets Layer/Private Communications Technology (SSL/PCT) or Internet Protocol Security (IPSec) to encrypt data that is transmitted across a network.
back to the top
How to Decrypt Files and Folders on a Remote Server
- Connect to the server that contains the files or folders that you want to decrypt.
- Right-click the file or folder that you want to decrypt, and then click Properties.
- On the General tab, click Advanced.
- Click to clear the Encrypt contents to secure data check box, click OK, and then click OK.
Note that if you decrypt a folder, you are prompted to confirm how you want to apply the attributes. Click either of the following options, and then click OK:
- Apply to this folder only
- Apply changes to this folder, subfolders and files
- Repeat steps 2 through 4 for each file or folder that you want to decrypt.
REFERENCES
For additional information about EFS, visit the following Microsoft Web site:
For additional information about remotely encrypting files and folders on a server, click the following article number to view the article in the Microsoft Knowledge Base:
283223 Recovery of encrypted files on a server
222054 Encrypting files in Windows 2000
223316 Best practices for Encrypting File System
255742 Methods for recovering encrypted data files
For additional information about Kerberos authentication and delegation in Windows 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:
217098 Basic overview of Kerberos User Authentication protocol in Windows 2000
266080 Answers to frequently asked Kerberos questions
Keywords: kbhowto kbhowtomaster KB320044
