EFS Recovery Key Safeguards

We use Microsoft's Encrypting File System (EFS) to transparently encrypt the folders you designate.

Microsoft issues this warning:

When EFS encrypts the files on your computer, an EFS public key encrypts the files, and an EFS private key decrypts the files. (Our note: this is all done transparently and automatically behind the scenes.) If you lose the private key after a file is encrypted (for example, your computer installation is destroyed), the file cannot be recovered.

If your computer is a member of a Windows 2000 domain, the domain administrator can designate certain users as EFS recovery agents, who can recover data even if a specific user's private key is lost.

However, if your computer is not participating in a Windows 2000 (or XP) domain (for example, a stand-alone computer, or a computer in a Microsoft Windows NT 4.0-based domain structure), the local Administrator account is the designated EFS recovery agent. Because of this, you can recover your encrypted data only if you previously backed up the local administrator's private key.

See the following topics for instructions on how to back up and restore the recovery key.