File System and Local Access Security Components

  • Article

Adding file system security components can help protect local data from unauthorized access. File system security features can include encrypting and decrypting local files, authorizing file access with access control lists (ACLs), and protecting system files.

The following tables show file system security features and the Windows XP Embedded components that must added to support them.

Encrypted File System (EFS)

EFS encrypts files or directories with a randomly generated key. This process is transparent to the user.

Required components Key binary
User Interface Core Efsadu.dll
NTFS Ntfs.dll
Primitive: Crypt32 Crypt32.dll
Local Security Authority Subsystem (LSASS) Lsasrv.dll

NT File System (NTFS)

NTFS supports access control lists (ACL) to protect file system objects.

Required components Key binary
Primitive: Sfc Sfc.dll

Windows File Protection (WFP)

WFP prevents loss or corruption of key system files.

Required components Key binary
Primitive: Sfc Sfc.dll
Primitive: Sfcfiles Sfcfiles.dll
Primitive: Sfcos Sfc_os.dll

Driver Rollback

Driver rollback restores a previously installed version of a device driver.

Required components Key binary
Add Hardware Control Panel Newdev.dll
Primitive: Setupapi Setupapi.dll

System Restore

System Restore takes periodic snapshots of the system, and thereby allows you to restore the system to a previous state.

Required components Key binary
System Restore Core Sr.sys, Srrstr.dll, Srsvc.dll, Srclient.dll

Volume Shadow Copy Service

Volume shadow copy service provides programs that access point-in-time copies of volumes.

Required components Key binary
Volume Shadow Copy Service Volsnap.sys
File Sharing Srv.sys

See Also

Add Security Features to a Run-Time Image | NTFS Security Benefits | Encryption File System | Security Management Components

Last updated on Wednesday, October 18, 2006

© 2006 Microsoft Corporation. All rights reserved.