One compelling reason to use Windows 2000 Professional is the addition of the many management tools in Win2K Server and Win2K Pro. You can easily centralize Win2K's client management using built-in tools that range from Active Directory (AD) to IntelliMirror. Veteran Windows NT administrators can appreciate the improvements to the group and security policy models, and the collection of all of the tools into the common Microsoft Management Console (MMC) interface makes them easier to use.
Many Win2K tools and features are available to the end user, but there seems to be a dearth of information about them. Simply determining where all of the tools reside can be a problem. Finding information about how the tools work isn't much easier (one reason for reading Windows 2000 Magazine), and finding out how the tools interact with each other often requires substantial research.
During one of my archeological excavations of the Microsoft Web site, I found a location that tries to bring together all of the information about understanding, using, and deploying the Win2K management tools. The Management Services home page is definitely worth a bookmark if you need this information. Given Microsoft's propensity to reorganize its Web sites, I suggest you download as much as possible of the useful information found there.
This week's tip:
With NTFS 5, you can encrypt individual files and directories from Win2K Explorer. Simply right-click the file or folder, select Properties, and click Advanced. Under the Compress or Encrypt attributes section, check the "Encrypt contents to secure data" box. I've discussed the importance of having a copy of the encryption key handy in case you crash your system. This week, I show you the command line version of the encryption dialog.
Type "cipher" at the command prompt in the directory that you're interested in to get a report on the encryption status of all objects in the current directory.
The cipher command lets you encrypt entire trees of folders and files. You can even unencrypt files or re-encrypt currently encrypted files. Typing "cipher /?" returns the following:
Displays or alters the encryption of directories \[files\] on NTFS partitions. CIPHER \[/E | /D\] \[/S:dir\] \[/A\] \[/I\] \[/F\] \[/Q\] \[/H\] \[/K\] \[pathname \[...\]\] /E Encrypts the specified directories. Directories will be marked so that files added afterward will be encrypted. /D Decrypts the specified directories. Directories will be marked so that files added afterward will not be encrypted. /S Performs the specified operation on directories in the given directory and all subdirectories. /A Operation for files as well as directories. The encrypted file could become decrypted when it is modified if the parent directory is not encrypted. It is recommended that you encrypt the file and the parent directory. /I Continues performing the specified operation even after errors have occurred. By default, CIPHER stops when an error is encountered. /F Forces the encryption operation on all specified objects, even those which are already encrypted. Already-encrypted objects are skipped by default. /Q Reports only the most essential information. /H Displays files with the hidden or system attributes. These files are omitted by default. /K Creates a new file encryption key for the user running CIPHER. If this option is chosen, all the other options will be ignored. pathname Specifies a pattern, file or directory. Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put paces between multiple parameters.
Cypher is a powerful and useful command line tool. Exploring it is worthwhile if you have any interest in Win2K's Encrypting File System (EFS).