Encrypting File System - New Features Available By Windows Version

New Features Available By Windows Version

Windows XP
  • Encryption of the Client-Side Cache (Offline Files database)
  • Protection of DPAPI Master Key backup using domain-wide public key
  • Autoenrollment of user certificates (including EFS certificates)
  • Multiple-user (shared) access to encrypted files (on a file-by-file basis) and revocation checking on certificates used when sharing encrypted files
  • Encrypted files can be shown in an alternate color (green by default)
  • No requirement for mandatory Recovery Agent
  • Warning when files may be getting silently decrypted when moving to an unsupported file system
  • Password reset disk
  • EFS over WebDAV and remote encryption for servers delegated in Active Directory
Windows XP SP1
  • Support for and default use of AES-256 symmetric encryption algorithm for all EFS-encrypted files
Windows XP SP2 + KB 912761
  • Prevent enrollment of self-signed EFS certificates
Windows Server 2003
  • Digital Identity Management Service
  • Enforcement of RSAKeyLength setting for enforcing a minimum key length when enrolling self-signed EFS certificates
Windows Vista and Windows Server 2008
  • Per-user encryption of Client-Side Cache (Offline Files)
  • Support for storing (user or DRA) RSA private keys on a PC/SC smart card
  • EFS Re-Key Wizard
  • EFS Key backup prompts
  • Support for deriving DPAPI Master Key from PC/SC smart card
  • Support for encryption of pagefile.sys
  • Protection of EFS-related secrets using BitLocker (Enterprise or Ultimate edition of Windows Vista)
  • Group Policy controls to enforce:
    • Encryption of Documents folder
    • Offline files encryption
    • Indexing of encrypted files
    • Requiring smart card for EFS
    • Creating a caching-capable user key from smart card
    • Displaying a key backup notification when a user key is created or changed
    • Specifying the certificate template used for enrolling EFS certificates automatically
Windows Server 2008
  • EFS self-signed certificates enrolled on the Windows Server 2008 server will default to 2048-bit RSA key length
  • All EFS templates (user and data recovery agent certificates) default to 2048-bit RSA key length
Windows 7 and Windows Server 2008 R2
  • Elliptic-curve cryptographic algorithms (ECC). Windows 7 supports a mixed mode operation of ECC and RSA algorithms for backward compatibility
  • EFS self-signed certificates, when using ECC, will use 256-bit key by default.
  • EFS can be configured to use 1K/2k/4k/8k/16k-bit keys when using self-signed RSA certificates, or 256/384/512-bit keys when using ECC certificates.

Read more about this topic:  Encrypting File System

Famous quotes containing the words features, windows and/or version:

    However much we may differ in the choice of the measures which should guide the administration of the government, there can be but little doubt in the minds of those who are really friendly to the republican features of our system that one of its most important securities consists in the separation of the legislative and executive powers at the same time that each is acknowledged to be supreme, in the will of the people constitutionally expressed.
    Andrew Jackson (1767–1845)

    And Saints—to windows run—
    To see the little Tippler
    Leaning against the—Sun—
    Emily Dickinson (1830–1886)

    It is never the thing but the version of the thing:
    The fragrance of the woman not her self,
    Her self in her manner not the solid block,
    The day in its color not perpending time,
    Time in its weather, our most sovereign lord,
    The weather in words and words in sounds of sound.
    Wallace Stevens (1879–1955)