Although NTFS still provides the secure file system you’re familiar with from Windows NT 4.0, there are a number of changes in terms of both functionality and configuration. The version of NTFS supplied in Windows 2000 is NTFS 5, as opposed to the NT’s version, which was version 4. (Unless you have NT 4.0 SP4 or higher, in which case it also uses NTFS 5). The new version of NTFS in Windows 2000 supports both new and old features including:
- The ability to encrypt files and folders that reside on an NTFS partition using EFS, the Encrypting File System.
- The ability to compress files and folders.
- The ability to set file and folder security permissions via access control lists.
- The ability of an administrator or user with the appropriate permissions to take ownership of files and folders.
- The ability to audit access to files and folders.
Setting file or folder encryption and compression is easy. Both are implemented as attributes, similar to the System, Read-only, Hidden, and Archive attributes that you are probably already familiar with. Both encryption and compression are set via the Advanced button on General tab of the properties of the file.
Note that although it appears as though you could choose both, encryption and compression are mutually exclusive, so you can only choose one of the two. As far as EFS encryption is concerned, only the person who encrypted a file can open it, with one exception. Windows 2000 includes a special role, set via group policy, called a Recovery Agent. A recovery agent can open an EFS encrypted file, which serves as a backup should the user leave the company or similar. By default, the only recovery agent is the Administrator of the domain (on a non-domain computer, it is the local administrator), though it can be changed to another trusted user or users.