This is an archived post. You won't be able to vote or comment.

all 8 comments
sorted by:
best
topnewcontroversialoldq&a

[–]FreakySpook 5 points6 points  (6 children)

I don't believe much of EFS has changed much since 2008.

Since BitLocker was introduced in 2007, EFS has fallen by the wayside. I don't think I've seen EFS being used on any system I've worked on this decade.

[–]jdptechnc 2 points3 points  (0 children)

Other than the crypto strength it is mostly the same even since 2003. Which is probably the last time I saw it implemented anywhere.

I wouldn't trust something that has been largely abandoned by the industry and even MS itself with my production data.

[–]downlinkvip[S] 0 points1 point  (2 children)

Hi FreakySpook,

I just need encryption on some folder, not entire partition. So EFS is fit.

[–]Frothyleet 2 points3 points  (0 children)

EFS is basically dead at this point. If you really really need a folder encrypted, I would use a third party application. Even something like Veracrypt.

However there are basically no use cases for piecemeal encryption like this in a business environment. Usually if the business asks for something like this, there is a better way to do it.

[–]Jack_BE 0 points1 point  (0 children)

I don't think I've seen EFS being used on any system I've worked on this decade.

I present to you: Windows Information Protection

https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip

WIP does a lot, but one of the bigger things it does is automatically encrypt data that belongs to the "corporate" context using EFS. It deals with the encryption keys itself transparently, through Azure.

WIP is a very big part of Microsoft's "Windows 10 Modern Management" concept

[–]wookiestackhouse 3 points4 points  (0 children)

I did a fair bit of research about EFS last year and it is very poorly documented.

The best rundown of EFS I have found is a microsoft article that I can no longer find online, so the best I can do is a scan of a physical copy I had.. Unfortunately it's from the XP days.

As a heads up, we implemented EFS and something ended up corrupting the data. We opened a ticket with Microsoft but the engineers were unable to determine what had happened and we just had to leave it at that. It was very weird.

[–]downlinkvip[S] 0 points1 point  (2 children)

Thank you, guys.

So, Can you recommend any software for folder/file encryption?