Article ID: 223338 - View products that this article applies to.
This article was previously published under Q223338
The Encrypting File System (EFS) is a feature of Windows 2000 that allows users to encrypt data directly on volumes that use the NTFS file system. It operates by using certificates based on the X.509 standard. If no Certificate Authority (CA) is available from which to request certificates, the EFS subsystem automatically generates its own self-signed certificates for users and default recovery agents.
There are several circumstances in which an organization may want to implement Certificate Authorities, as opposed to allowing EFS to generate its own self-signed certificates.
The following are some reasons why an organization might want to use a Certificate Authority for EFS certificate generation: