Security Overview of Encrypting File System (EFS) in Windows 7 [70-680 BitLocker and EFS]
In spring of 2009 I wrote an article over on the Petri website titled Security Overview of Encrypting File System (EFS) in Windows 7 based on the beta release of Windows 7 Ultimate edition (build 6.1.7000). Below is an update / reprint of that article. (I’ve mainly removed the beta information and made any changes pertinent to the formal, RTM release of Windows 7). Encrypting File System (EFS) Overview When you want to make sure that data access is restricted only to certain individuals you can leverage NTFS permissions to deny access to everyone and to only grant access to those users by way of the access controls provided within the file system. The problem with this is that the security is bound to the file system so as ownership control is gained to the data on a given system at the level of administrator, that file system security is easily undone and access to that data becomes available. When you are the admin with admin level controls to a system you pretty much can do w