Windows is concidered large operating system.
comperd to light OS's like DSL (Damn Small Linux) windows size (over 6GB in Vista, 1.3GB in xp) is pretty big, that is mainly (but not only) because Microsoft cramped inside windows as much (basic) utilities as they could to let the user work "out of the box" without the need for 3rd parties, such as web browser, basic notepad, painter, file manager etc.
one of those tools is the EFS, or, Enchrypted Files System.
What is Enchrypted File System?
EFS is, just as it name may apply, a tool to allow users enchrypting files, making them unreadable by other people
How does it work?
Long time ego, during the second world war, germany had the need of sending messages to its sub commanders to lunch timed attacks, problem was - the british/franch/us forces were listening to all of the lines of communication and any transmition to the subs would've reveal where the subs are and when will the subs attack and where.
the german intelligence then invented theEnigma, without going into details, it was a basic encription machine that had levers putted in different placed (creating something similar to a "code") and used it to modify the input recieved by it thus making the data unreadable unless you put the levers on the same places (producing the same "code") and punch in the chrypted message in order to dechrypt it.
it may have been a basic machine, with several flaws, but it did lay down the basics for most future chrypting algorithems.
on EFS, the idea is basically remains the same, each file is enchrypted in a symetric key (a long code which is used for encrypting the file, and if you'll use the same key to "encrypt" the file again - it'll be decrypt), and then each key is crypted with assymetric key (unlike symetric, you can't use this key to decrypt the symetric key), the reason why this is done is because using asymetric key to encrypt files is slow process so its more logical to do do so on "2048" bytes (thats 2048 characters of code length) then on this 1GB file, the assymetric key is derived from your password and will change whenever you change your password, so periodicly changing your password will make sure its even harder to hack into your encrypted files.
Which Windows versions can I use to encrypt files using EFS?EFS is supported starting windows 2000, however only starting windows XP and so on you can allow different users to access the encrypted data and means for data recovery also exist in windows XP and later versions only
EFS is NOT supported in any of the "home" editions (xp home, vista basic and vista home premium)
How to Enable EFS on windows (important prerequisits)
EFS is enabled by default, but the first thing we MUST do is designate a user that can act as data recovery user, in case our password is beeing reset, forgotten, user profile is deleted etc.
so to do that - login as the data recovery user (preferably "administrator"), open up CMD and punch in the next command:
cipher /R:EFS
this command will create 2 files:
efs.cer - which is the administrator certificate (the profe he is "administrator" and not some other user)
efs.pfx - the private key of the administrator, the "code" that he uses to encrypt files with, anyone having this file can impersonate him, so don't leave this file on the computer, copy it on removable storage and lock it away (it will become handy if the administrator user is deleted among other hazards that may make your data unavailable).
you'll need to punch in a password to protect the PFX, make sure to remember that one or it'll be useless
ok, after we got those 2 files, lets make sure our administrator can actually access any ecrypted file on the system.
go to start --> run, write in "secpol.msc"
on the screen you get, go to "public key policies" --> "encrypted file system", right click on that one and select "add data recovery agent. click "next", find the CER file, next, finish.
no right click --> properties on the new certificate you see on the right side of the screen. select "enable only the folowing purposes" and mark "file recovery"
congratulations - now you can fix things up in case they are screwed up.
How to Use EFS on windows.
this is quite easy actually, once the recovery agent is set up (or a "no recovery agent needed" policy is set up, but I wont explain how to do so as its idiotic and dangerous) all you have to do is right click --> properties" on a file or folder, select "advanced" and mark "encrypt content to secure data".
.gif)
congretulations, your first file is now encrypted and your user (and the data recovery user) is the only one able to access it.
you may notice the file became green, that is the mark of encryption.
if you wish to add different users to be able to read the encrypted file, simply go back to properties --> advanced, no the "details" button is no longer grayed out, click it and you'll recieve the next screen:
you can see your username at the top ("all"), where you can add more users, and the data recovery user ("administrator") at the buttom.note - if you want to add a user, you should add its CER file (like we did with the user "administrator" in the beginning) and not only punch in its name.
Thats all there is to it actually (from a user point of view, that is)
please note that:
- file can be encrypted on NTFS volums only, it can't work on FAT32
- if you encrypt file on NTFS volume and copy it to FAT32 partition, the file will be decrypted and anyone can access it
- same things goes for copying encrypted file to a NT4 based machine
This blog have been moved to http://ponline-space.net/
hope to see you there!
Windows 1.01 (windows 1.0 was never released) was introduced around the year of 1985 and was supported by DOS 3.1, it offered limited multi-tasking and graphic interface for users (it supported mouse as well) and had the folowing programs in it (count how many of them are still with us today): Calculator, Calendar, Cardfile, Clipboard viewer, Clock, Control Panel, Notepad, Paint, Reversi, Terminal, and Write.
Windows 3.0 (1990) was remembered by the great improvement of memory usage and user interface (sounds like XP's annoucement, no? :) ), file manager was finally introduced and saved the trouble of going into DOS and find files there and offered, it was also the first version of windows sold preinstalled on Harddisks (much like OEM nodays)
Windows 3.1 and later 3.11, was the final version of windows not as an operating system (not so true, more details along the way), that was major upgrade to windows 3.0, in included workgroup support, true-type fonts, a 32 bit support (anyone remember we once used 8 and 16 bit computers?) and the introduction of internet explorer
Couple of years past, and windows 95 was introduced, the first Windows to come as a stand alone OS... or is it? windows 95 was actually a major improvement of windows 3.11, it did boot the computer streight to it, giving the feeling as if its the OS, but "under the hood" it was actually MS-DOS version 7, the other new things in this version (and there were a lot) were standardization of windows creations (the title, close/maximize/minimize buttons etc.) that are still in use even until today, long filenames, the introduction of PlugnPlay and the registry, and as usual - major GUI improvement 
another 2 years past - and another version of windows shows up, this time its the windows 98's turn, this was the first windows version to use WDM (Windows Driver Module), basically its a unified driver module that standardizing requirements and reducing the amount of code that needed to be written for hardware drivers across different windows versions (98 and up, and 2000 and up), lots of stability fixes (which made 98, and later on 98SE the most favorable windows version of its time).
2 years have past, and its time for a new-born-windows OS of the NT family, windows 2000 came to set things streight after the bad impression NT4 left.
cover your ears, duck and run, as the most disputed (probably even more the Vista) Operating systemis here!
Windows XP was published on 2001 to save the name of microsoft, it is the successor of windows 2000 and windows ME (killing the 9x family in the process, as it still build on NT), it initially came out in 2 versions, for home and for office, later on had more versions of it such as tablet pc and media center editions, among its features you may find improved user interface (yes, its was one of their main concerns), plus the usage of product activation instead of serial for registered users, later on support for 64 bit computers was introduced and some security features were inserted, enhancing the controll of active directory over client computers.
The server edition of windows family during the time of XP, windows 2003 was introduced, it contained significant improvement for old functions (AD improvement such as ADAM, IIS6, new version of MSMQ, internet explorer enhanced security etc.) the only new functionality was Support for a hardware-based "watchdog timer", which can restart the server if the operating system does not respond within a certain amount of time.
Finally we got to the present, windows Vista, the successor of windows XP as a client OS contains long list of changes, and for a good reason.. it took 5 years to develope, thats the longest time between 2 windows OS have ever been, among them you can find GUI update, Aero interface, superfetch, better indexing, directX10 (which'll be available for vista only), language support, and probably some other things I missed.
and we are finally at the latest release of microsoft - windows server 2008. as you may have guessed, this is the server edition of windows vista, it includes all of vista's new features, such as BitLocker and IPv6, it also includes a major update to terminal services, allowing many important features such as running in application mode rather then in desktop mode and support in RDP via HTTPS, PowerShell is integrated into this version, it can "self heal" some NTFS corruption in can find, support virtualization (without 3rd paty software) and some other features
