Full Form of EFS:
Encryption File System
EFS Full Form is Encryption File System. A new feature is launched in the NTFS’s 3.0 version that offers encryption at the level of the file system. This feature is called EFS or Encryption File System. This technology helps by encrypting the files transparently, which ultimately leads to the protection of the confidential data and files from those attackers who can access the computer physically. All versions of the Windows operating system have the EFS feature. Although default does not do encryption of files, users can enable the encryption option on the basis of per-drive, per-directory or per-file.
In the domain environments of Windows, Group Policy can also mandate some settings of EFS. One of the security vulnerabilities in EFS of Windows 2000 is that files can be decrypted easily by utilizing the account of the local administrator. The default agent of data recovery acts as the local administrator in Windows 2000. The local administrator can decrypt all files that have been encrypted by local users with the help of EFS. In Windows 2000, the functioning of EFS is not possible in the absence of a recovery agent.
Hence, there is always a person who can perform decryption of the files that are encrypted by the users. Any person, who takes over the account of the local administrator, can perform EFS decryption without any authorization on any Windows 2000 Computer, which is of a non-domain-joined nature. Additionally, many websites on the world wide web provide multiple tools for hacking an administrator account, making the issue all the more trivial.