Encrypting File System (EFS): Frequently Asked Questions

[Return to EFS: LSU Overview

Disclaimer: To use EFS, please consult your Technology Support Professional or IT Contact before encrypting your data.

What is EFS- Encrypting File System?

The EFS or Encrypting File System is a file system available in Microsoft's Windows operating systems. The technology transparently allows files to be stored encrypted on NTFS file systems to protect confidential data from attackers with physical access to the computer. 

EFS uses public key cryptography to encrypt files seamlessly within Windows.

NTFS or New Technology File System is the standard file system of Windows.

Disadvantages of EFS in the LSU Environment

EFS will not protect files transferred from one computer to another. It is only file system level encryption. EFS cannot be used to encrypt an entire drive’s contents because it is only used to decrypt in the context of a user’s rights. Hence, system files accessed by the system once encrypted under a user’s rights will no longer be viewable by the system.

EFS is a very powerful and potentially dangerous tool. With this in mind, consider carefully what files and folders to encrypt. For most users the best practices are to encrypt “My Documents” folder, the Outlook Application folder within the Documents and Settings folder, the Desktop Folder and any other folders used to store day-to-day documents and data. 

Advantages of EFS in the LSU Environment

Information Technology Services (ITS) put into production an internally trusted Certificate Authority which can issue certificates that are very secure and plug directly into our Active Directory. Certificates can be issued automatically and files can be seamlessly encrypted. This is especially useful on laptops in the event that they are stolen to protect documents that may contain Personally Identifiable Information (PII). There is also a recovery key that is assigned to IT Security and Policy Office personnel that can be used to recover files if needed.

How Hard is it to Use EFS?

EFS can be utilized almost immediately. Once your IT administrator/contact has set up your options on the OU level, you will be able to encrypt/decrypt files with a simple right-click procedure. Consult your IT administrator/contact for this setup. 

Image of Documents and Settings window

What Happens if I Can Not Decrypt my Data?

EFS has to be used in the context of a user’s profile. If you have access to data that was encrypted using someone else’s profile or for some reason you can’t log on to your machine, IT Security and Policy Office personnel will be able to recover the data for you. The data will need to be copied to another computer, decrypted, and copied back. Your IT administrator/contact working in conjunction with IT Security and Policy Office will be able to recover encrypted files. 

Some helpful EFS files are available at TigerWare.

Note: If you have any questions or concerns please contact the IT Security and Policy Office at pki@lsu.edu

4/25/2014 1:41:29 PM  

We love feedback! Please help us improve this article.

Article Rating:
Email Address:
(Optional, unless you would like to hear back from us)
GROK is a resource of Louisiana State University developed and maintained with support of the LSU Student Technology Fee.  We love getting feedback from the general public, but our one on one support efforts are generally dedicated to the LSU community.  Thanks for your understanding!
"" ""

Information Technology Services
200 Frey Computing Center · Baton Rouge, LA 70803
Telephone: 225-578-3700 · Fax: 225-578-3709 · E-mail: helpdesk@lsu.edu

Copyright © 2006. All Rights Reserved. Official Webpage of Louisiana State University.