NtfsEncryptionService
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem
Data type |
Range |
Default value |
|---|---|---|
REG_SZ |
Efs |
Efs |
Description
Determines which encryption service the NTFS file system uses. Encrypting File System (EFS) is the encryption service included in Windows 2000.
This entry specifies the encryption service for NTFS. It does not cause NTFS to encrypt any files. (Files and folders on NTFS partitions are encrypted selectively on Windows 2000.) Similarly, deleting this entry does not cause NTFS to decrypt files, although removing its encryption service prevents NTFS from encrypting or decrypting files and from gaining access to encrypted files.
.gif)
Tip
To encrypt a file or folder on an NTFS partition, use Windows Explorer. Right-click the name of the file or folder, click Properties, click the Advanced button, and then select Encrypt contents to secure data.
To prevent users in a policy group from encrypting files, use Group Policy. Open the Encrypted Data Recovery Agents policy folder (Computer Configuration\Windows Settings\Security Settings\Public Key Policies), and delete all of the certificates it contains. For more information, see the Windows 2000 Resource Kit Group Policy Reference.
You can also encrypt a file or folder from the command line by using Cipher.exe, a program included in Windows 2000. For more information, at the command line, type Cipher /?.
.gif)
Caution
Do not delete this entry or change its value. If you do, encrypted files become inaccessible.