Results 1 to 1 of 1

Thread: Change EFS Public Key Policy

  1. #1
    Administrator Lloyd_mcse's Avatar
    Join Date
    Jun 2008
    Sudbury, Suffolk

    Default Change EFS Public Key Policy

    If you feel the standard EFS Certificate is not good enough you can change the type and public key size...

    RSA Options
    2048 Bit SHA1 (Default)
    4096 Bit SHA1
    8192 Bit SHA1
    16384 Bit SHA1

    ECC Options
    256 SHA256
    384 SHA384
    521 SHA512

    To do this go to...

    Control Panel -> Administrative Tools -> Local Security Policy

    And browse to

    Public Key Policies -> Encrypting File System,

    Local Security Policy .png

    and right click on the folder "Encrypting File System" and click Properties, which opens this windows...


    Change "File Encryption using Encrypting File System (EFS)" from "Not Defined" to "Allow" and change "Elliptic Curve Cryptography" to "Allow". If you want to create a ECC certificate this must be set to "Require".

    Now click on the Certificates tab...


    You should see the above window, here you can select the strength of both RSA and ECC certificates.
    Once you have selected what you want click Apply and Ok to close the window.

    To create you new certificate follow this guide making sure you update your previously encrypted files so they are encrypted with your new certificate.

    Last edited by Lloyd_mcse; 13-03-2015 at 10:07.

    Main PC : Intel i9-9900K | ASUS Maximus XI Hero | 32GB Corsair Vengeance LPX 3000MHz | ASUS GTX 1060 OC 6GB Expedition | 1x Samsung 850 Pro 512GB | 2x WD 1TB Black | ASUS STRIX SOAR | Coolermaster CM 690 II USB 3.0 | Corsair AX860i Digital | Corsair H100i PRO

    | Windows 10 Professional x64 |
    | Full PC List |

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts