DISABLE QUOTA MANAGEMENT

4. Click OK to close the Properties dialog box for the folder.

The folder is now marked for encryption, and all files placed in the folder are encrypted. Folders that are marked for encryption are not actually encrypted; only the files within the folder are encrypted.

Exam Tip  Compressed files cannot be encrypted, and encrypted files cannot be compressed with NTFS compression.

After you encrypt the folder, when you save a file in that folder, the file is encrypted using file encryption keys, which are fast symmetric keys designed for bulk encryption. The file is encrypted in blocks, with a different file encryption key for each block. All the file encryption keys are stored and encrypted in the Data Decryption field (DDF) and the Data Recovery field (DRF) in the file header.

Caution  If an administrator removes the password on a user account, the user account will lose all EFS-encrypted files, personal certificates, and stored passwords for Web sites or network resources. Each user should make a password reset disk to avoid this situation. To create a password floppy disk, open User Accounts and, under Related Tasks, click Prevent A Forgotten Password. The Forgotten Password Wizard steps you through creating the password reset disk.

How to Decrypt a Folder

Decrypting a folder or file refers to clearing the Encrypt Contents To Secure Data check box in a folder's or file's Advanced Attributes dialog box, which you access from the folder's or file's Properties dialog box. Once decrypted, the file remains decrypted until you select the Encrypt Contents To Secure Data check box. The only reason you might want to decrypt a file is if other people need access to the folder or file, for example, if you want to share the folder or make the file available across the network.

How to Control Encryption From the Command Line by Using the Cipher Command

The Cipher command provides the capability to encrypt and decrypt files and folders from a command prompt. The following example shows the available switches for the Cipher command, which are described in Table 10-5:

cipher [/e | /d] [/s:folder_name] [/a] [/i] [/f] [/q] [/h] [/k] [file_name [...]]

Table 10-5  Cipher Command Switches

Switch     Description
/e         Encrypts the specified folders. Folders are marked so any files that are added later are encrypted.
/d         Decrypts the specified folders. Folders are marked so any files that are added later are not encrypted.
/s         Performs the specified operation on files in the given folder and all subfolders.
/a         Performs the specified operation on files as well as folders. Encrypted files could be decrypted when modified if the parent folder is not encrypted. Encrypt the file and the parent folder to avoid problems.
/i         Continues performing the specified operation even after errors have occurred. By default, Cipher stops when an error is encountered.
/f         Forces the encryption operation on all specified files, even those that are already encrypted. Files that are already encrypted are skipped by default.
/q         Reports only the most essential information.
/h         Displays files with the hidden or system attributes, which are not shown by default.
/k         Creates a new file encryption key for the user running the Cipher command. Using this option causes the Cipher command to ignore all other options.
file_name  Specifies a pattern, file, or folder.

If you run the Cipher command without parameters, it displays the encryption state of the current folder and any files that it contains. You can specify multiple file names and use wildcards. You must put spaces between multiple parameters.
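The following PowerShell script is an added example and is not part of the training kit or of the Cipher command itself. It audits a folder tree for the same conditions the Exam Tip and Table 10-5 warn about: files that carry the NTFS Compressed attribute (and so cannot be EFS-encrypted), encrypted files sitting in an unencrypted parent folder (the /a caveat), and plaintext files inside a folder that is marked for encryption. It reads the Encrypted and Compressed attribute bits that the Advanced Attributes check boxes set, so it needs Windows and an NTFS volume; the function name Get-EfsAudit and the path C:\Secret are made-up placeholders.

```powershell
# Added example (not from the training kit): audit the EFS state of a folder
# tree from the NTFS attribute bits, then show the matching cipher commands.
# Assumes Windows with NTFS; Get-EfsAudit and C:\Secret are placeholders.

function Get-EfsAudit {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Same attribute bits the Encrypt/Compress check boxes set on NTFS.
    $encrypted  = [int][System.IO.FileAttributes]::Encrypted
    $compressed = [int][System.IO.FileAttributes]::Compressed

    # -Force includes hidden and system items, as cipher /h does.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $items) {
        $attr         = [int]$item.Attributes
        $isEncrypted  = ($attr -band $encrypted)  -ne 0
        $isCompressed = ($attr -band $compressed) -ne 0
        $isFolder     = $item.PSIsContainer

        # For files, look at the containing folder's encryption mark.
        $parentEncrypted = $null
        if (-not $isFolder -and $item.Directory) {
            $parentEncrypted = ([int]$item.Directory.Attributes -band $encrypted) -ne 0
        }

        $finding = 'OK'
        if ($isCompressed) {
            # Exam Tip: NTFS compression and EFS encryption are mutually exclusive.
            $finding = 'Compressed: cannot be EFS-encrypted while compressed'
        } elseif (-not $isFolder -and $isEncrypted -and $parentEncrypted -eq $false) {
            # Table 10-5, /a: the file could be decrypted when modified because
            # the parent folder is not marked for encryption.
            $finding = 'Encrypted file in unencrypted folder: encrypt the parent too'
        } elseif (-not $isFolder -and -not $isEncrypted -and $parentEncrypted -eq $true) {
            # The folder mark only covers files placed in it afterwards.
            $finding = 'Plaintext file inside an encrypted folder'
        }

        [pscustomobject]@{
            Path       = $item.FullName
            IsFolder   = $isFolder
            Encrypted  = $isEncrypted
            Compressed = $isCompressed
            Finding    = $finding
        }
    }
}

# Usage (placeholder path):
#   Get-EfsAudit -Path 'C:\Secret' | Format-Table -AutoSize
#
# Remediation with the switches from Table 10-5, typed at a command prompt:
#   cipher /e /s:C:\Secret       mark the folder and its subfolders for encryption
#   cipher /e /a /s:C:\Secret    also encrypt the files already inside them
#   cipher /d /a /s:C:\Secret    decrypt files and folders before sharing them
```

The audit reports rather than changes anything; the cipher lines in the trailing comment are the corrective steps, and combining /e with /a and /s is what removes the "encrypted file in unencrypted folder" finding, because it marks the parent folders and encrypts the existing files in one pass.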

How to Create an EFS Recovery Agent

If you lose your file encryption certificate and associated private key through disk failure or for any other reason, a user account designated as the recovery agent can open the file using his or her own certificate and associated private key. If the recovery agent is on another computer in the network, send the file to the recovery agent.