Encrypting File System - New Features Available By Windows Version

New Features Available By Windows Version

Windows XP
  • Encryption of the Client-Side Cache (Offline Files database)
  • Protection of DPAPI Master Key backup using domain-wide public key
  • Autoenrollment of user certificates (including EFS certificates)
  • Multiple-user (shared) access to encrypted files (on a file-by-file basis) and revocation checking on certificates used when sharing encrypted files
  • Encrypted files can be shown in an alternate color (green by default)
  • No requirement for mandatory Recovery Agent
  • Warning when files may be getting silently decrypted when moving to an unsupported file system
  • Password reset disk
  • EFS over WebDAV and remote encryption for servers delegated in Active Directory
Windows XP SP1
  • Support for and default use of AES-256 symmetric encryption algorithm for all EFS-encrypted files
Windows XP SP2 + KB 912761
  • Prevent enrollment of self-signed EFS certificates
Windows Server 2003
  • Digital Identity Management Service
  • Enforcement of RSAKeyLength setting for enforcing a minimum key length when enrolling self-signed EFS certificates
Windows Vista and Windows Server 2008
  • Per-user encryption of Client-Side Cache (Offline Files)
  • Support for storing (user or DRA) RSA private keys on a PC/SC smart card
  • EFS Re-Key Wizard
  • EFS Key backup prompts
  • Support for deriving DPAPI Master Key from PC/SC smart card
  • Support for encryption of pagefile.sys
  • Protection of EFS-related secrets using BitLocker (Enterprise or Ultimate edition of Windows Vista)
  • Group Policy controls to enforce:
    • Encryption of Documents folder
    • Offline files encryption
    • Indexing of encrypted files
    • Requiring smart card for EFS
    • Creating a caching-capable user key from smart card
    • Displaying a key backup notification when a user key is created or changed
    • Specifying the certificate template used for enrolling EFS certificates automatically
Windows Server 2008
  • EFS self-signed certificates enrolled on the Windows Server 2008 server will default to 2048-bit RSA key length
  • All EFS templates (user and data recovery agent certificates) default to 2048-bit RSA key length
Windows 7 and Windows Server 2008 R2
  • Elliptic-curve cryptographic algorithms (ECC). Windows 7 supports a mixed mode operation of ECC and RSA algorithms for backward compatibility
  • EFS self-signed certificates, when using ECC, will use 256-bit key by default.
  • EFS can be configured to use 1K/2k/4k/8k/16k-bit keys when using self-signed RSA certificates, or 256/384/512-bit keys when using ECC certificates.

Read more about this topic:  Encrypting File System

Famous quotes containing the words features, windows and/or version:

    These, then, will be some of the features of democracy ... it will be, in all likelihood, an agreeable, lawless, particolored commonwealth, dealing with all alike on a footing of equality, whether they be really equal or not.
    Plato (c. 427–347 B.C.)

    The light struggled in through windows of oiled paper, but they read the word of God by it.
    Ralph Waldo Emerson (1803–1882)

    Truth cannot be defined or tested by agreement with ‘the world’; for not only do truths differ for different worlds but the nature of agreement between a world apart from it is notoriously nebulous. Rather—speaking loosely and without trying to answer either Pilate’s question or Tarski’s—a version is to be taken to be true when it offends no unyielding beliefs and none of its own precepts.
    Nelson Goodman (b. 1906)