Extra-Secure EFS

by Mitch Tulloch [Published on 29 Aug. 2006 / Last Updated on 29 Aug. 2006]

How to increase EFS security on Windows XP.

By default, the Encrypting File System (EFS) feature uses DESX as its encryption algorithm, but this is no longer as secure as it once was given recent advances in cryptanalysis. You can make EFS even more secure however on Windows XP computers by using 3DES, and this can be configured using the following Group Policy setting:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

This will cause XP to use 3DES instead of DESX for EFS encryption. Note that this setting is not needed for Windows Server 2003 computers which use AES by default for EFS.

See Also

The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Featured Links