Since this is so transparent to the user, you have to figure there is a lot of work going on in the background. It all starts when a user wants to encrypt a file.
Once a user has specified that a file be encrypted, the actual process of data encryption and decryption is completely transparent to the user. The user does not need to understand this process. For the sake of the security administrator, it might be good thing to understand the process.
When you are talking about encryption and decryption, you are talking both per file and for an entire folder. The encryption for a folder is transparent. All the files and subfolders created in an encrypted folder are automatically encrypted. Each file has a unique encryption key. The file does not have to be decrypted to use it—EFS automatically takes care of that for you.
EFS will go out and locate the user's file encryption key from the systems key store and apply it.
Was this article helpful?