Printing EFS Files

An EFS file is as transparent to a printer or other output device as it is to the monitor. If you can read an encrypted file on screen, it prints in plaintext. If you cannot read it on screen, you cannot print it.

This transparency requires that the same physical controls imposed on the computer also be imposed on the printer. The printer itself and the cabling to it must be secured so that an attacker cannot tap into them. If you print with a print server, the server must also be secured.

During printing, Windows 2000 copies the print job onto a spool (.spl) file that resides on the local print provider. In local printing, the local print provider on the local computer is used. In client/server printing, this is bypassed, and the .spl file resides on the local print provider of the server.

By default, .spl files are stored in the SystemRoot \System32\Spool\Printers folder. If that folder is unencrypted (as it generally is), the encryption that was in the original file is lost. You can avoid this by encrypting the folder, but this would slow processing by causing every .spl file to be encrypted. A better way is to create a special printer for encrypted files. This printer might use the same print hardware device, but with different print instructions. It should be local and unshared, and it should bypass the default folder by using one of the two following techniques:

  • Select the Print directly to the printer check box on the Advanced page of the printer's Properties dialog box. The print job is not spooled, and no .spl file is created.


Unspooled print jobs cannot be scheduled or prioritized.

  • Create an encrypted folder and specify that .spl files are to be routed to it. The procedure is described in "Network Printing" in the Microsoft ® Windows ®  2000 Server Resource Kit Server Operations Guide .

By default, when the print job is complete, the .spl file is deleted. You can override the default by selecting the Keep printed documents check box on the Advanced page. If you select this option, you can resubmit a document to the printer from the printer queue instead of from the program. This is not recommended because the security risk does not outweigh the benefit. Even though the .spl files are encrypted, it is not a good practice to leave multiple copies of sensitive data in different folders.