HKLM\SYSTEM\CurrentControlSet\Control\FileSystem
Data type | Range | Default value |
---|---|---|
REG_SZ | Efs | Efs |
Determines which encryption service NTFS uses. EFS (Encrypting File System) is the encryption service included in Windows 2000.
This entry specifies the encryption service for NTFS. It does not cause NTFS to encrypt any files. (Files and folders on NTFS partitions are encrypted selectively on Windows 2000.) Similarly, deleting this entry does not cause NTFS to decrypt files, although removing its encryption service prevents NTFS from encrypting or decrypting files or gaining access to encrypted files.
Tip
To encrypt a file or folder on an NTFS partition, use Windows Explorer. Right-click the name of the file or folder, click Properties, click the Advanced button, and then click the Encrypt contents to secure data option.
To prevent users in a policy group from encrypting files, use Group Policy. Open the Encrypted Data Recovery Agents policy folder (Computer Configuration\Windows Settings\Security Settings\Public Key Policies) and delete all of the certificates it contains. For more information, see the Group Policy Reference, Gp.chm, on the Windows 2000 Resource Kits CD.
You can also encrypt a file or folder from the command line by using Cipher.exe, a program included in Windows 2000. For more information, at the command line, type Cipher /?.
Caution
Do not delete this entry or change its value. If you do, encrypted files become inaccessible.