In a previous tip, I outlined how to enable the Encrypting File System (EFS) for a folder in Vista. The local computer policy has additional settings used to further configuring EFS.

Within the local computer policy, navigate to the following container: Computer Configuration \ Windows Settings \ Security Settings \ Public Key Policies \ Encrypting File System.

Right click the Encrypting File System folder and click Properties. You can choose the Allow or Disallow EFS. If Not defined is selected, EFS is still allowed. If you select Allow, you can configure the additional options.

Additional EFS settings within the local computer policy include:

  • EFS recovery policy processing: Computer Configuration \ Administrative Templates \ System \ Group Policy – This setting determines when encryption policies are updated.
  • Do not automatically encrypt files moved to encrypted folders: Computer Configuration \ Administrative Templates \ System – This setting determines whether Windows Explorer encrypts files that are moved into an encrypted folder.
  • Encrypt the offline files cache: Computer Configuration \ Administrative Templates \ Network \ Offline Files – This setting determines whether files in the offline files cache are encrypted.
  • Allow indexing of encrypted files: Computer Configuration \ Administrative Templates \ Windows Components \ Search – This setting determines whether encrypted items can be indexed by Windows Search.