How to encrypt files and folders on a remote Windows 2000 Server (320044)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
This article was previously published under Q320044 SUMMARY This step-by-step article describes how to use Encrypting
File System (EFS) to encrypt files and folders on a remote Windows 2000-based
computer. Use EFS to encrypt your data when you want to protect it
from unauthorized access and to prevent it from being read by other users. You
can use EFS to encrypt and decrypt files and folders that are located on NTFS
volumes on a remote server if the server is trusted for delegation in Active
Directory. To remotely encrypt and decrypt files and folders, your certificate
and private key must be stored on the server. The server uses Kerberos
delegation to access this information. Note that when you set
encryption for a folder, EFS automatically encrypts all new files and
subfolders that you create in that folder.
back to the top
How to Encrypt Files and Folders on a Remote Server- Connect to the server that contains the files or folders
that you want to encrypt.
- Right-click the file or folder that you want to encrypt,
and then click Properties.
- On the General tab, click Advanced.
- Click to select the Encrypt contents to secure
data check box, click OK, and then click OK.
Note that if you encrypt a folder, you are prompted to
confirm how you want to apply the attributes. Click either of the following
options, and then click OK:
- Apply to this folder only
- Apply changes to this folder, subfolders and files
- Repeat steps 2 through 4 for each file or folder that you
want to encrypt.
NOTE: The data is encrypted when it is stored on disk, not when it is
sent across the network. When you open an encrypted file over the network, the
data that is transferred over the network is not encrypted. You must use a
network protocol such as Secure Sockets Layer/Private Communications Technology
(SSL/PCT) or Internet Protocol Security (IPSec) to encrypt data that is
transmitted across a network.
back to the top
How to Decrypt Files and Folders on a Remote Server- Connect to the server that contains the files or folders
that you want to decrypt.
- Right-click the file or folder that you want to decrypt,
and then click Properties.
- On the General tab, click Advanced.
- Click to clear the Encrypt contents to secure
data check box, click OK, and then click OK.
Note that if you decrypt a folder, you are prompted
to confirm how you want to apply the attributes. Click either of the following
options, and then click OK:
- Apply to this folder only
- Apply changes to this folder, subfolders and files
- Repeat steps 2 through 4 for each file or folder that you
want to decrypt.
back to the top
REFERENCES For additional information about EFS, visit the following
Microsoft Web site: For additional information about remotely encrypting files
and folders on a server, click the following article number to view the article
in the Microsoft Knowledge Base: 283223
Recovery of encrypted files on a server
222054 Encrypting files in Windows 2000
223316 Best practices for Encrypting File System
255742 Methods for recovering encrypted data files
For additional information
about Kerberos authentication and delegation in Windows 2000, click the
following article numbers to view the articles in the Microsoft Knowledge Base:
217098
Basic overview of Kerberos User Authentication protocol in Windows 2000
266080 Answers to frequently asked Kerberos questions
| Modification Type: | Major | Last Reviewed: | 9/8/2006 |
|---|
| Keywords: | kbhowto kbHOWTOmaster KB320044 kbAudITPro |
|---|
|