Defining Client Administration and Configuration Standards |
Microsoft recommends that you format all Windows 2000 partitions that do not need to be accessed by clients running other operating systems with the NTFS file system. In the event of a system failure, NTFS uses its log file and check point information to restore the consistency of the file system. In addition, NTFS:
On NTFS volumes, you can use Group Policy to designate the following file permission options — No Access, List, Read, Add, Add and Read, Change, Full Control, Special Directory Access, and Special File Access. You can also use Group Policy to specify which users and groups have access to these volumes and what level of access is permitted.
These additional file security options allow organizations to configure more stringent file access than Windows 95 and Windows NT 4.0 Workstation. If users store sensitive information on a portable computer, they can encrypt those files and folders. If a portable computer is stolen, Windows 2000 Encrypting File System (EFS) protects its files and folders, even if the thief reinstalls Windows 2000 Professional. However, be sure that an administrator, as well as the end user, has sufficient rights to access encrypted files and folders.