EFS, Certificate, Private Key, and equipment theft.
Trying to figure out if protecting data on a machine, server, workstation, or laptop using EFS is what it's cracked up to be. From what I understand, in order to use EFS the user must have their private key. Ideally it is stored in the user's profile in order to streamline access to his or her files; otherwise, any time they wanted to use an encrypted file they would have to supply the private key, which would be a pain in the butt. So now let's say you encrypted your Secret directory on your machine with EFS and your machine was stolen. The thief has your machine and your private key lives in your user profile; can they somehow get to your EFS-encrypted folder? I know permissions play a role in this, but if we trusted permissions we wouldn't have to worry about encryption, would we? Isn't this like giving a lock and a key to someone? Does this make any sense? Can someone shed some light on this for me please?
March 16th, 2010 10:44pm

The private key for an EFS certificate is stored in the user profile; however, it is encrypted with the Data Protection API, or DPAPI. Permissions don't come into play here. In order to get access to the private key, the thief would need to crack your password. Not impossible, but certainly a lot more difficult than simply changing permissions. You can make things even harder on the thief by adding BitLocker, and if you're using Vista or above you can make it even more secure by storing the EFS certificate and private key on a smart card.
Paul Adare, CTO, IdentIT Inc., ILM MVP
March 16th, 2010 10:49pm
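The reply above names three things that decide what a thief with the stolen disk actually gets: which files are EFS-encrypted, whether the EFS private key is only DPAPI-protected in the profile (so it stands or falls with the logon password) or lives on a smart card, and whether BitLocker protects the volume underneath. The following PowerShell audit is an added example, not code from the thread or from Microsoft; it assumes Windows PowerShell 3.0 or later run as the file owner, a folder named Secret under the user profile (a constructed path), and the BitLocker module (Windows 8 / Server 2012 and later) for the volume check. The EFS enhanced key usage OID 1.3.6.1.4.1.311.10.3.4 is the real Microsoft value; the smart-card detection for CNG keys is a provider-name heuristic.

```powershell
# Added example (not from the thread): audit the EFS-at-rest posture of a machine.
#   1. which files under a folder are actually EFS-encrypted,
#   2. whether the user's EFS private key is software-only (DPAPI, protected by the
#      logon password) or hardware-backed (smart card),
#   3. whether the volume is additionally protected by BitLocker.
# Assumes Windows PowerShell 3.0+; Get-BitLockerVolume needs the BitLocker module.

$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

function Get-EfsEncryptedFile {
    param([Parameter(Mandatory)][string]$Path)
    # The Encrypted attribute bit is set on every EFS-protected file and folder.
    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0 } |
        Select-Object FullName, Length, LastWriteTime
}

function Get-EfsCertificateReport {
    # Certificates in the current user's personal store that carry the EFS EKU.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $EfsEkuOid }
    } | ForEach-Object {
        $cert     = $_
        $provider = 'unknown'
        $hardware = $false
        try {
            if ($cert.PrivateKey -and $cert.PrivateKey.CspKeyContainerInfo) {
                # Legacy CSP key (typical for self-signed EFS certificates):
                # CspKeyContainerInfo says which provider holds it and whether it is on hardware.
                $info     = $cert.PrivateKey.CspKeyContainerInfo
                $provider = $info.ProviderName
                $hardware = $info.HardwareDevice
            } else {
                # CNG key: inspect the key storage provider name (heuristic, assumption).
                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                if ($rsa -and $rsa.Key) {
                    $provider = $rsa.Key.Provider.Provider
                    $hardware = $provider -match 'Smart Card|Platform Crypto'
                }
            }
        } catch { $provider = "not accessible: $($_.Exception.Message)" }

        [pscustomobject]@{
            Subject        = $cert.Subject
            Thumbprint     = $cert.Thumbprint
            NotAfter       = $cert.NotAfter
            HasPrivateKey  = $cert.HasPrivateKey
            KeyProvider    = $provider
            HardwareBacked = $hardware   # $false => key sits DPAPI-protected in the profile
        }
    }
}

function Get-VolumeProtectionReport {
    param([string]$Drive = $env:SystemDrive)
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        Get-BitLockerVolume -MountPoint $Drive |
            Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
    } else {
        [pscustomobject]@{ MountPoint = $Drive; VolumeStatus = 'BitLocker module not available' }
    }
}

# Example run against a constructed folder name; adjust the path to your own.
'== EFS-encrypted files =='
Get-EfsEncryptedFile -Path "$env:USERPROFILE\Secret" | Format-Table -AutoSize
"== EFS certificates in the user's store =="
Get-EfsCertificateReport | Format-Table -AutoSize
'== Volume protection =='
Get-VolumeProtectionReport | Format-Table -AutoSize
```

Reading the output against the reply: a row with HardwareBacked = $false means the only barrier between a thief holding the disk and the EFS key is the DPAPI master key derived from the logon password, which is exactly why the reply recommends BitLocker on the volume (ProtectionStatus should read On) and, on Vista or later, moving the EFS key to a smart card.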

Hi, you can refer to the following article for more information: The Encrypting File System http://technet.microsoft.com/en-us/library/cc700811.aspx Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
March 22nd, 2010 10:16am
