New Features Available By Windows Version
- Windows XP
- Encryption of the Client-Side Cache (Offline Files database)
- Protection of DPAPI Master Key backup using domain-wide public key
- Autoenrollment of user certificates (including EFS certificates)
- Multiple-user (shared) access to encrypted files (on a file-by-file basis) and revocation checking on certificates used when sharing encrypted files
- Encrypted files can be shown in an alternate color (green by default)
- No requirement for mandatory Recovery Agent
- Warning when files may be getting silently decrypted when moving to an unsupported file system
- Password reset disk
- EFS over WebDAV and remote encryption for servers delegated in Active Directory
- Windows XP SP1
- Support for and default use of AES-256 symmetric encryption algorithm for all EFS-encrypted files
- Windows XP SP2 + KB 912761
- Prevent enrollment of self-signed EFS certificates
- Windows Server 2003
- Digital Identity Management Service
- Enforcement of RSAKeyLength setting for enforcing a minimum key length when enrolling self-signed EFS certificates
- Windows Vista and Windows Server 2008
- Per-user encryption of Client-Side Cache (Offline Files)
- Support for storing (user or DRA) RSA private keys on a PC/SC smart card
- EFS Re-Key Wizard
- EFS Key backup prompts
- Support for deriving DPAPI Master Key from PC/SC smart card
- Support for encryption of pagefile.sys
- Protection of EFS-related secrets using BitLocker (Enterprise or Ultimate edition of Windows Vista)
- Group Policy controls to enforce:
- Encryption of Documents folder
- Offline files encryption
- Indexing of encrypted files
- Requiring smart card for EFS
- Creating a caching-capable user key from smart card
- Displaying a key backup notification when a user key is created or changed
- Specifying the certificate template used for enrolling EFS certificates automatically
- Windows Server 2008
- EFS self-signed certificates enrolled on the Windows Server 2008 server will default to 2048-bit RSA key length
- All EFS templates (user and data recovery agent certificates) default to 2048-bit RSA key length
- Windows 7 and Windows Server 2008 R2
- Elliptic-curve cryptographic algorithms (ECC). Windows 7 supports a mixed mode operation of ECC and RSA algorithms for backward compatibility
- EFS self-signed certificates, when using ECC, will use 256-bit key by default.
- EFS can be configured to use 1K/2k/4k/8k/16k-bit keys when using self-signed RSA certificates, or 256/384/512-bit keys when using ECC certificates.
Read more about this topic: Encrypting File System
Famous quotes containing the words features, windows and/or version:
“The features of our face are hardly more than gestures which force of habit made permanent. Nature, like the destruction of Pompeii, like the metamorphosis of a nymph into a tree, has arrested us in an accustomed movement.”
—Marcel Proust (18711922)
“The frost was on the village roofs as white as ocean foam;
The good red fires were burning bright in every longshore home;
The windows sparkled clear, and the chimneys volleyed out;
And I vow we sniffed the victuals as the vessel went about.”
—Robert Louis Stevenson (18501894)
“I should think that an ordinary copy of the King James version would have been good enough for those Congressmen.”
—Calvin Coolidge (18721933)