Encrypting file system
Encrypting file system is a feature in Windows 2000 that allows users to encrypt local files or folders to prevent unauthorized access to those files. You can encrypt an object by right clicking on it in Windows Explorer, selecting properties, and then, under the general tab, selecting advanced and checking Encrypt contents to secure data. The encryption uses public and private keys for encoding and decoding. But there are files you should not encrypt, as this tip, from Mitch Tullock's Windows 2000 Administration in a Nutshell, published by O'Reilly Associates, points out.
Never encrypt files in the system directory where the Windows 2000 Server boot files are located. Since the key for decrypting these files cannot be accessed until the operating system has booted and a user has logged on, Windows 2000 will not be able to start. Of course, Windows 2000 safeguards against this by preventing you from encrypting files that have the System attribute set. But if you have removed the system attribute from these files using the attrib command (perhaps while troubleshooting startup problems) and failed to reset this attribute on the files afterwards, the possibility of encryption then exists.
Did you like this tip? Like it or not, we want to know, so why not drop us a line to let us know? Or visit our tips page to rate this, and other, tips.
This was first published in March 2001