Extra-Secure EFS

  • Section(s): Security
  • Published on Aug 29, 2006.
  • Last Modified on Aug 29, 2006.
  • Last Modified by Mitch Tulloch.
  • Rated 3.5 out of 5 based on 2 votes.
How to increase EFS security on Windows XP.

By default, the Encrypting File System (EFS) feature uses DESX as its encryption algorithm, but this is no longer as secure as it once was given recent advances in cryptanalysis. You can make EFS even more secure however on Windows XP computers by using 3DES, and this can be configured using the following Group Policy setting:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

This will cause XP to use 3DES instead of DESX for EFS encryption. Note that this setting is not needed for Windows Server 2003 computers which use AES by default for EFS.

About Mitch Tulloch

Mitch Tulloch was lead author for the Windows Vista Resource Kit from Microsoft Press, which is the book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. Mitch was also the author of Introducing Windows Server 2008 and technical project lead for the Microsoft Office Communications Server 2007 Resource Kit, both books also from Microsoft Press. For more information on these and other books by Mitch, see www.mtit.com .

Share this article


Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred Network Inventory solution?