Encrypting search index using EFS

Read the reasoning for not encrypting just the index in this TechNet page:

Encrypting the Index

To encrypt the index file itself, we recommend that you encrypt the entire volume containing the index with BitLocker or another 3rd party full-volume encryption option. This provides strong protection against offline attacks; online attacks are still possible by users with administrator access. BitLocker Drive Encryption provides enhanced protection against data theft by encrypting operating system and data volumes. In Windows 7, BitLocker Drive Encryption works on removable drives. We strongly recommend also BitLocking operating system volumes if you BitLock data volumes.

While the Encrypting File System (EFS) can also be used, it is not recommended. The Windows Search service runs under the LocalSystem account and needs access to the index files. As a result, EFS keys associated with the LocalSystem account must be used to encrypt the index files. Consequently, the index files are open to the following attacks:

  • Online: Any administrative user can gain access to the encrypted index files by simply impersonating the LocalSystem account. (Existing tools on the web make this a trivial task.)

  • Offline: The key that is used by the LocalSystem account to decrypt files is stored on the machine in an obfuscated state. Someone with physical access to the machine can use existing tools on the web to retrieve this key and access the encrypted index files.
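An added defender-side check, not from the TechNet page or this post, that audits whether a machine follows the recommendation above: it locates the Windows Search index directory, reports the BitLocker status of the volume holding it, and flags any index files carrying the EFS attribute. It assumes the index path is stored in the DataDirectory value under HKLM:\SOFTWARE\Microsoft\Windows Search (falling back to the default under ProgramData) and that the BitLocker PowerShell module is available; run it elevated.

```powershell
# Added example (not from the TechNet page): audit how the Windows Search index is protected.
# Assumption: the index location is the DataDirectory value under the Windows Search key;
# if it is missing we fall back to the default %ProgramData%\Microsoft\Search\Data.
$searchKey = 'HKLM:\SOFTWARE\Microsoft\Windows Search'
$dataDir   = (Get-ItemProperty -Path $searchKey -ErrorAction SilentlyContinue).DataDirectory
if (-not $dataDir) { $dataDir = Join-Path $env:ProgramData 'Microsoft\Search\Data' }

# Resolve the volume that holds the index and ask BitLocker about it (needs elevation
# and the BitLocker module; $bde stays $null if either is unavailable).
$driveLetter = [System.IO.Path]::GetPathRoot($dataDir).TrimEnd('\')
$bde = Get-BitLockerVolume -MountPoint $driveLetter -ErrorAction SilentlyContinue

# Files with the NTFS 'Encrypted' attribute under the index directory are EFS-encrypted,
# which for a LocalSystem-owned index is exactly the case the TechNet text warns against.
$efsFiles = @(Get-ChildItem -Path $dataDir -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted })

if ($bde) {
    $bitLockerState = "$($bde.ProtectionStatus) ($($bde.VolumeStatus))"
} else {
    $bitLockerState = 'Unknown (BitLocker module unavailable, not elevated, or not a fixed drive)'
}

if ($efsFiles.Count -gt 0) {
    $verdict = 'Index files are EFS-encrypted under LocalSystem keys: not recommended'
} elseif ($bde -and $bde.ProtectionStatus -eq 'On') {
    $verdict = 'Index volume is BitLocker-protected and no EFS on index files: matches recommendation'
} else {
    $verdict = 'Index volume is not BitLocker-protected: index is exposed to offline attacks'
}

[pscustomobject]@{
    IndexDirectory      = $dataDir
    Volume              = $driveLetter
    BitLockerProtection = $bitLockerState
    EfsEncryptedFiles   = $efsFiles.Count
    Verdict             = $verdict
} | Format-List
```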