Does anyone have experience using winxp encryption file service?

[AnnieMS]

2/23/10 edit- I'm assuming no one actually uses ntfs file encryption. Is that because the setup is too involved or because the certificate/user's profile/or Sam restores failed? I haven't used windows backup since 2004 because ever time I went to restore it didn't.

I have a tablet pc running win xp tab ed on ntfs formatted drive. I would like to secure the files so that I can take the tablet out of the house, but I don't want to lock myself out of my files.

Per my reading, files/folders encrypted via EFS are very hard to crack and the files would remain encrypted even if the hd was accessed outside of the OS. My concern is Windows not recognizing the key it generates, like if SAM gets corrupted, and being forever locked out.

The key is generated from the user's password and I'm assuming that one could later change the password regularly per security recs & the new pws would be linked somehow to the key, but I haven't actually read that. Would using the Forgotten Password utility affect the key?

To ensure access to the encrypted files one would need to create the recovery agent, generate & back up a recovery certificate, backup the user's profile, and back up SAM. And maybe something else I haven't read about yet.

Has anyone done all this successfully and has anyone been able to restore their user's profile or SAM or a recovery certificate when necessary?

Also, if you use Windows backup the files remain encrypted. What happens if you have to reinstall windows and new SIDs are generated for all accounts, including the recovery agent. Would you be able to access the encrypted files from the backup?

Edited February 23, 2010 by AnnieMS

[genu]

you have a high chance that your files are NOT being accessible ... even when the certification server is on a different machine and your backup is not damaged in any way.

get informed about efs ... then you know why no one is answering your question(s). don't get me wrong efs is secure ... a little bit too secure from my point of view.

i suggest truecrypt for your purposes with a container file.

regards, genu