Previous Page | Next Page

  1. Introduction
  2. Windows 2000 Professional
  3. Windows 2000 Server
  4. Windows 2000 Advanced Server
  5. Windows 2000 Datacenter Server
  6. Application Support
  7. System Operation
  8. Disks and Volumes
  9. Filesystems
  10. Configuration Files
  11. Security
  12. Network Support
  13. Access Management
  14. Processes
  15. AD Structure
  16. AD Objects
  17. AD Object Naming
  18. AD Schema
  19. AD Sites
  20. Domains
  21. AD Functions
  22. AD Replication
  23. DNS
  24. AD Security
  25. AD Installation
  26. AD Configuration
  27. AD Performance
  28. Installation
  29. Installation Options
  30. Unattended Installation
  31. Software Distribution
  32. Remote Installation Service
  33. Language
  34. Accessibility
  35. File Attributes
  36. Shares
  37. Distributed File System
  38. Control Panel
  39. Active Directory Tools
  40. Computer Management Console Tools
  41. MMC Tools
  42. Network Tools
  43. Network Monitor
  44. System Performance Monitoring
  45. Tools
  46. Managing Services
  47. Connections
  48. TCP/IP
  49. DHCP
  50. Printing
  51. Routing
  52. IPSec
  53. ICS
  54. Fault Tolerance
  55. Backup
  56. System Failure
  57. Services
  58. Remote Access
  59. WINS
  60. IIS
  61. Certificate Server
  62. Terminal Services
  63. Web Services
  64. Authentication
  65. Accounts
  66. Permissions
  67. Groups
  68. User Rights and Auditing
  69. Auditing
  70. User Profiles
  71. Policies
  72. Group Policies
  73. Miscellaneous
  74. Terms
  75. Credits

Windows 2000 File Attributes

  • Archive - The directory or file has been changed since it was last backed up.
  • Compress - The directory or file is compressed on an NTFS volume. The directory or file cannot be compressed and encrypted.
  • Encrypt - The directory or file is encrypted on an NTFS volume. The directory or file cannot be encrypted and compressed. Encryption is provided by the Encrypting File System (EFS) which comes with and is installed automatically on Windows 2000 systems. The user who encrypted the file or a local or domain administrator can decrypt encrypted files. The administrator account is called a recovery agent because it has a global key which can decrypt any files. Group policy can be used to make other accounts recovery agents.
  • Hidden - The directory or file is invisible to a normal directory search and cannot be copied or deleted.
  • Index - The directory or file is indexed by the Windows Indexing Service on an NTFS volume. Once files are indexed, Windows Explorer can find files that contain specific phrases or words.
  • Read-only - The directory or file cannot be modified by writing to it or deleting it.
  • System - The directory or file is needed by the operating system. Files with this attribute set are read-only and hidden, even if those attributes are not set.

Encrypting File System

If a user encrypts files, then leaves, the administrator is an EFS recovery agent and can decrypt the file. An EFS recovery agent has a certificate allowing them ot unencrypt files. The user that is a recovery agent can have their certificate removed and stored on a floppy until needed. This prevents accidental viewing of secure files by unauthorized persons, even the administrator.

  • A recovery agent certificate can be requested using the MMC Certificate snap-in command line utility by typing "mmc" on the command line and selecting "Certificates" after selecting "Console", "Add/Remove snap-in", and "Add". A user may be made a recovery agent using this snap-in.
  • The administrative tool, "Active Directory Users and Computers" is used to designate recovery agents.
  • The control panel "Internet Options" applet is used to remove EFS recovery agent certificates.