File System and Local Access Security Components

5/10/2007

Adding file system security components can help protect local data from unauthorized access. File system security features can include encrypting and decrypting local files, authorizing file access with access control lists (ACLs), and protecting system files.

The following tables show file system security features and the Windows XP Embedded components that must added to support them.

Encrypted File System (EFS)

EFS encrypts files or directories with a randomly generated key. This process is transparent to the user.

Required components Key binary

User Interface Core

Efsadu.dll

NTFS

Ntfs.dll

Primitive: Crypt32

Crypt32.dll

Local Security Authority Subsystem (LSASS)

Lsasrv.dll

NT File System (NTFS)

NTFS supports access control lists (ACL) to protect file system objects.

Required components Key binary

Primitive: Sfc

Sfc.dll

Windows File Protection (WFP)

WFP prevents loss or corruption of key system files.

Required components Key binary

Primitive: Sfc

Sfc.dll

Primitive: Sfcfiles

Sfcfiles.dll

Primitive: Sfcos

Sfc_os.dll

Driver Rollback

Driver rollback restores a previously installed version of a device driver.

Required components Key binary

Add Hardware Control Panel

Newdev.dll

Primitive: Setupapi

Setupapi.dll

System Restore

System Restore takes periodic snapshots of the system, and thereby allows you to restore the system to a previous state.

Required components Key binary

System Restore Core

Sr.sys, Srrstr.dll, Srsvc.dll, Srclient.dll

Volume Shadow Copy Service

Volume shadow copy service provides programs that access point-in-time copies of volumes.

Required components Key binary

Volume Shadow Copy Service

Volsnap.sys

File Sharing

Srv.sys

See Also

Concepts

NTFS Security Benefits
Encryption File System
Security Management Components

Other Resources

Add Security Features to a Run-Time Image