Extra-Secure EFS

by Mitch Tulloch [Published on 29 Aug. 2006 / Last Updated on 29 Aug. 2006]

How to increase EFS security on Windows XP.

By default, the Encrypting File System (EFS) feature uses DESX as its encryption algorithm, but this is no longer as secure as it once was given recent advances in cryptanalysis. You can make EFS even more secure however on Windows XP computers by using 3DES, and this can be configured using the following Group Policy setting:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

This will cause XP to use 3DES instead of DESX for EFS encryption. Note that this setting is not needed for Windows Server 2003 computers which use AES by default for EFS.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com .

Latest Contributions

Featured Links