Have you ever concern about security of your data? What if someone stolen your storage device or laptop which you have some privacy information on there? Or you have some private data that keep on a PC or laptop and don’t want other to access them.
On Windows, it has EFS which helps protecting data from unauthorized user to access it. EFS (Encrypting File System) is a feature on Microsoft Windows XP Professional (Not available in Home Edition) and Windows Server 2003 that encrypt files or folders on disk with user’s key. Other users who hasn’t this key can’t decrypt the files so that they can’t read or copy the files. The encryption and decryption will be performed on background, no need to perform additional task for user.
Note: With this approach, it’ll be useless if others knows your password. They can login with your account and have all access as it was you.
Below, the example shows how to implement EFS on Windows XP Professional which is a stand-alone computer. For a computer that is joined to a domain, it’ll diferrent from here. You have to configure addtional steps on domain controller.
Sections
Step-by-step
Encrypt file or folder
- In this example, I’ll encrypt a folder called ‘Data’ and all files in this folder.
- There is a file called ‘test.txt’ in the folder which content as the figure below.
- Next, I’ll set encryption on this folder. Right click on the folder and select Properties.
- On General tab, click Advanced.
- On Advanced Attributes, check “Encrypt contents to secure data“.
- When you clicked OK, it’ll ask you to confirm changing attributes of the folders and files. I selected “Apply changes to this folder, sub-folders and files“.
- Now the folder is encrypted. You’ll see the text-color of the folder changed from black to green.
Note: You’ll notice that you can still view, modify the content of files as the same before enable encryption. But right now, others may not which I’ll show in a few steps. This is why you have to secure your password.
- If the text-color doesn’t changed, open Folder Options in Tools.
- On Folder Options, select View tab and browse to the bottom. Check “Show encrypted or compressed NTFS files in color“. The text-color should be changed now.
- Next,try to login as another user and see if this user can access the file.
- Try to open ‘test.txt’ and it show access denied.
Note: When you have encrypted the folders or files, you can
Decrypt file or folder
- To decrypt, select folders or files that you want ti decrypt -> select Advanced -> uncheck “Encrypt contents to secure data” in Advanced Attributes.
- Click OK to confirm.
- Now the folder and all files in the folder are decrypted.
Summary
EFS can be useful if you learn and plan it wisely. It can enhance the security without spending a dime. In the other ways, it may be problem if you don’t learn its pros and cons. For instance, recovery plan in case of the key is lost (backup and restore a certificate).
For more information, see these links below:
Win XP Pro with SP 1. All of my folders and files have only the following attributes. Read-only (which is checked but greyed out on many of them), and Hidden. I have no archive attribute. When I go to copy or move any folder or file with the greyed out Read-only checked) I get this message: Cannot copy DI_041305: Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use. Than I try to uncheck the grey out Read-only attribute it asks me if I want to apply this change to only that folder or to that folder and all of its subfolders and files and if I check either option it say an error occurred applying the attributes to the file: Access is denied and it gives the following choice: Ignore, Ignore All, Retry and cancel. No matter what I choice here it won’t change the attribute or allow me to move the folder or file.
How can I fix this so that I can move a folder or file to another partition? It will allow me to delete the file or folder but that is it.
Has someone encrypted that folder?
You can check if the folders or files has been encrypted or not by open Windows Explorer -> Move to the desired folder -> change View to Details -> right-click on column -> make sure that Attribute is selected -> see the Attribute column if it contains ‘E’. If there is ‘E’, it means that file was encrypted and the person who encrypted can decrypt it.
I encrypted a folder on another drive using XP Pro, then i got a virus and had to format my OS drive. Now i go back to the folder that what encrypted and can’t read them. Is there any way i can get access to them again?
Thanks
when I do this It give me message access denied
Please Help Me
I encrypted a folder on another drive using XP Pro, then i got a virus and had to format my OS drive. Now i go back to the folder that what encrypted and can’t read them. Is there any way i can get access to them again?
Thanks
i emailed a microsoft tech site for help on this and they said there is no way to decrypt files unless you backed up the key. So that’s that.
please how that buckup to key
please help my about this problem
if you have program or method to solve this problem
send to me on
[email protected]
To back up your certificates, follow these steps:
1. Start Microsoft Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Content tab, in the Certificates section, click Certificates.
4. Click the Personal tab.
Note: There may be several certificates present, depending on whether you have installed certificates for other purpose.
5. Select one certificate at a time until the Certificate Intended Purposes field shows Encrypting File System. This is the certificate that was generated when you encrypted your first folder.
6. Click Export to start the Certificate Export Wizard, and then click Next.
7. Click Yes, export the private key to export the private key, and then click Next.
8. Click Enable Strong protection, and then click Next.
9. Type your password. (You must have a password to protect the private key.)
10. Specify the path where you want to save the key. You can save the key to a floppy disk, another location on the hard disk, or a CD. If the hard disk fails or is reformatted, the key and the backup will be lost. (If you back up the key to a floppy disk or CD, you must store that disk or CD in a secure location.)
11. Specify the destination, and then click Next.
Reference: Best practices for the Encrypting File System