Windows – Encrypting search index using EFS

Read the reasoning for not just encrypting just the index in this TechNet page

Encrypting the Index To encrypt the index file itself, we recommend that you encrypt the entire volume containing the index with BitLocker or another 3rd party full-volume encryption option. This provides strong protection against offline attacks; online attacks are still possible by users with administrator access. BitLocker Drive Encryption provides enhanced protection against data theft by encrypting data operating system and data volumes. In Windows 7, BitLocker Drive Encryption works on removable drives. We strongly recommend also BitLocking operating system volumes if you BitLock data volumes.

While the Encrypting File System (EFS) can also be used, it is not recommended. The Windows Search service runs under the LocalSystem account and needs access to the index files. As a result, EFS keys associated with the LocalSystem account must be used to encrypt the index files. Consequently, the index files are open to the following attacks:

• Online: Any administrative user can gain access to the encrypted index files by simply impersonating the LocalSystem account. (Existing tools on the web make this a trivial task.)

• Offline: The key that is used by the LocalSystem account to decrypt files is stored on the machine in an obfuscated state. Someone with physical access to the machine can use existing tools on the web to retrieve this key and access the encrypted index files.