# Implementing EFS on Hard Disk



## cryingvalor (Nov 4, 2006)

- hey guys i am planning to encrypt the HDD of our fileserver, but only the HDD and not its content because its contents are also being sent to our remote offices. is this good and ok?


----------



## Cellus (Aug 31, 2006)

I'm sorry but you'll have to be a bit more clear on that. What do you mean by encrypting your hard drive but not its contents?


----------



## cryingvalor (Nov 4, 2006)

- well its like this i would like to enable EFS on the HDD but only to the HDD not including its contents (files).because most of the files on this HDD will be sent to our other branch offices.


----------



## Cellus (Aug 31, 2006)

Unfortunately what you are asking is still somewhat ambiguous. Let me see if I can help makes things clearer by explaining a little about EFS.

EFS, in a nutshell, is used for encrypting _files_ on NTFS volumes. While NTFS file and folder permissions allow you to set up a means of access control to files/folders, EFS encrypts files (and their contents) by using digital certificates based on user accounts. This prevents anyone from seeing the contents of encrypted files even if they have bypassed access control (eg: accessing a folder with a trusted user account). The only accounts that can see the contents of EFS files are accounts which have been explicitly allowed, and Recovery Agents (backup/emergency access by designated accounts). The nice thing about EFS, in comparison to other encryption solutions out there, is that it is fully integrated with newer versions of Windows on NTFS volumes, can be seamlessly used in an AD domain environment, and is very easy to use. For more information on EFS, take a look at the MS documentation here.

Encrypting a HDD but not its contents is somewhat of an oxymoron - encrypting a HDD involves encrypting its contents. You can however restrict physical access to a HDD (eg: have your server in a locked case and/or cabinet and/or cage and/or room).


----------



## cryingvalor (Nov 4, 2006)

- sorry for the confusion :grin: but i was now able to answer my question. when i enable encryption on a folder window gave some choices whether to encrypt only the folder or encrypt even its contents:grin: 
- i think my real question is that if is it possible to encrypt a HDD with EFS. i have 2 partitions in my PC both NTFS. i want to encrypt drive D but i cant find the option in enabling EFS to encrypt my drive D.


----------



## johnwill (Sep 26, 2002)

This still makes no sense. Either you're encrypting the files, or you're not. If you specify a folder to be encrypted, all the files in the folder are encrypted. If you send the files to a remote office, they'd be decrypted during the copy operation, unless the target media also was encrypted.

What exact steps are you taking.

Note that EFS can result in the total loss of all the files if you don't create the recovery agent disk and have to reinstall the O/S. I'd do some research before you use EFS.


----------



## cryingvalor (Nov 4, 2006)

- ok heres my real question how do i encrypt my drive D partition using EFS.


----------



## johnwill (Sep 26, 2002)

My Computer, browse to root of D:, select all folders, right click, Properties.

Click the advanced button and select encryption.

Make sure you create the recovery agent disk.


----------



## cryingvalor (Nov 4, 2006)

- ok so the hard disk it self cant be encrypted only its contents.
- how do i create a recovery disk?:grin:


----------



## koala (Mar 27, 2005)

How to back up the recovery agent Encrypting File System (EFS) private key
Best practices for the Encrypting File System
Encrypting File System in Windows XP and Windows Server 2003


----------



## johnwill (Sep 26, 2002)

Thanks koala, I figured I'd have to round up those references next. :grin:


----------

