The Windows XP operating system provides a number of enhancements in data protection, specifically in the Encrypting File System (EFS). This article details how encryption is applied to offline files and seeks to help system designers and administrators develop the best data recovery and data protection strategies with Windows XP.

Performing Encryption Operations on Offline Files
The Windows 2000 operating system introduced the ability to cache files for offline use (also known as client-side caching [CSC]). This IntelliMirror management technology allows network users to access files on network shares even when the connection between the client computer and the network is broken. For example, when a mobile user views a shared resource while offline, he or she can still browse, read, and edit the files, because they have been cached on the client computer. When the user later connects to the server, the system reconciles the changes with the server. Windows XP clients can set offline files and folders to be encrypted with the Encrypting File System. This feature is especially attractive for professionals who travel a lot and need to work offline on a regular basis while keeping their data secure.

Universal Database
A general-purpose database on the local computer stores all users' files and limits access to those files through a precise access control list (ACL). The database presents the files in a special way: it hides the database structure and format and gives the appearance of an ordinary folder. One user's files and folders are neither displayed to nor accessible by other users. When offline files are encrypted, the entire database is encrypted with the EFS computer certificate. Individual files and folders cannot be selected for decryption. In this way, the entire offline files database is protected from malicious attacks by the local EFS features that have been activated by default.

A limiting factor
The inherent limitation of encrypting the offline files database is that files and folders are not displayed to the user in an alternate color while working offline. A remote server may also apply encryption selectively to files and folders while online, so users will see encrypted files displayed differently online and offline.

Important: CSC usually runs as a SYSTEM process and can therefore be accessed by any user. In addition, other processes that run as SYSTEM or temporarily act as SYSTEM can also access the CSC. This includes administrators on the local computer. For this reason, whenever sensitive data is stored in an offline folder, administrative access should be restricted to specific users, and SYSKEY should be used to defend against offline attacks.

Performing Encryption Operations on Offline Files
To turn on encryption of offline files, select the Folder Options command on the Tools menu in Windows Explorer and make the settings in the dialog box that appears.

Note: This option is only available in Windows XP Professional.

Select the Offline Files tab, as shown below.

[Figure: Select the Offline Files tab]
Select both the Enable Offline Files and Encrypt offline files to secure data check boxes. Click OK. Offline files will be encrypted as they are read into the local cache, using a private key and certificate provided to the client computer user.

Important: Do not encrypt files that are stored in the roaming user profile, because the system cannot open those files when the profile is loaded during the logon process.
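
The following PowerShell script is an added example, not part of the original article. It reports, on one client, the three things the Important note on SYSTEM access and the procedure above depend on: whether cache encryption is enforced by policy, which SYSKEY mode is configured, and who belongs to the local Administrators group. The registry locations (the `EncryptCache` policy value and the `SecureBoot` SYSKEY value) are assumptions not stated in the article, and PowerShell has to be installed separately on Windows XP.

```powershell
# Added example: read-only audit of one client. The registry paths and value
# names are assumptions; the article itself only describes the dialog box.

function Get-RegValue([string]$Path, [string]$Name) {
    # Return the named registry value, or $null if the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# 1. Is encryption of the Offline Files cache enforced by Group Policy?
$encrypt = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetCache' 'EncryptCache'
$encryptText = if ($encrypt -eq 1) { 'enforced by policy' } else {
    'not enforced by policy; verify the check box on the Offline Files tab' }

# 2. Which SYSKEY mode protects the account database (and with it EFS keys)?
$modes = @{
    1 = 'mode 1: system-generated startup key stored on the local disk'
    2 = 'mode 2: startup key derived from a password typed at boot'
    3 = 'mode 3: startup key stored on a floppy disk'
}
$syskey = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'SecureBoot'
$syskeyText = if ($syskey -ne $null -and $modes.ContainsKey([int]$syskey)) {
    $modes[[int]$syskey] } else { 'SecureBoot value not present' }

# 3. Who is a local administrator (and can therefore act as SYSTEM)?
#    The group is resolved from its well-known SID so that localized
#    group names also work.
$sid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$group = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
$admins = ([ADSI]"WinNT://./$group,group").psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

# Emit one object so the result can be exported or compared across clients.
New-Object PSObject -Property @{
    OfflineCacheEncryption = $encryptText
    SyskeyMode             = $syskeyText
    LocalAdministrators    = ($admins -join ', ')
}
```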