
EFS (Encrypting File System)


Restricted data must be kept secure from outside parties, and one way to do so is to use the Windows Encrypting File System (EFS). EFS encrypts folders with a strong encryption algorithm, so the restricted files you store in them remain secure from prying eyes. The following is a "how to" for creating a secure (encrypted) folder to store data that requires protection.
 
If you decide to use EFS to encrypt your files, you must consider recovery in the event of some unforeseen mishap. I recommend that you get your system administrator to implement the "Recovery Agent" on your system prior to using EFS. This system allows the administrator to access your encrypted data in the event you lose your password or if your key were to be corrupted, etc. This is a very important option that is highly recommended if you use EFS.
 

When you work with encrypted files and folders, keep in mind the following information:

Only files and folders on NTFS volumes can be encrypted. Because WebDAV works with NTFS, NTFS is required when encrypting files over WebDAV.

Files or folders that are compressed cannot also be encrypted. If the user marks a file or folder for encryption, that file or folder will be uncompressed.

Encrypted files can become decrypted if you copy or move the file to a volume that is not an NTFS volume.

Moving unencrypted files into an encrypted folder will automatically encrypt those files in the new folder. However, the reverse operation will not automatically decrypt files. Files must be explicitly decrypted.

Files marked with the System attribute cannot be encrypted, nor can files in the system root directory.

Encrypting a folder or file does not protect against deletion or listing files or directories. Anyone with the appropriate permissions can delete or list encrypted folders or files. For this reason, using EFS in combination with NTFS permissions is recommended.

You can encrypt or decrypt files and folders located on a remote computer that has been enabled for remote encryption. However, if you open the encrypted file over the network, the data that is transmitted over the network by this process is not encrypted. Other protocols, such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) or Internet Protocol security (IPSec), must be used to encrypt data over the wire. WebDAV, however, is able to encrypt the file locally and transmit it in encrypted form.

 

Encrypting File System (EFS) provides the core file encryption technology used to store encrypted files on NTFS file system volumes. Once you encrypt a file or folder, you work with the encrypted file or folder just as you do with any other files and folders.

Encryption is transparent to the user that encrypted the file. This means that you do not have to manually decrypt the encrypted file before you can use it. You can open and change the file as you normally do.

Using EFS is similar to using permissions on files and folders. Both methods can be used to restrict access to data. However, an intruder who gains unauthorized physical access to your encrypted files or folders will be prevented from reading them. If the intruder tries to open or copy your encrypted file or folder he receives an access denied message. Permissions on files and folders do not protect against unauthorized physical attacks.

 
You encrypt or decrypt a folder or file by setting its encryption property, just as you set any other attribute such as read-only, compressed, or hidden. If you encrypt a folder, all files and subfolders created in the encrypted folder are automatically encrypted. It is recommended that you encrypt at the folder level.
 
If all of your restricted data resides in one folder, all you need to do is right-click that folder.
 
Click the "Properties" option at the bottom of the drop down menu.
 
Click on the "Advanced" button near the bottom right side of this window.
 
Check the "Encrypt contents to secure data" check box at the bottom left of this window and click the "OK" button. When this window closes, click "OK" on the properties window underneath.
 
 
When the "Confirm Attribute Changes" window appears, make sure the "Apply changes to this folder, sub folders and files" radio button is selected and then click "OK". Now this folder and all folders/files within are encrypted.
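
The same steps can be scripted and then verified. The PowerShell below is an added example, not part of the original page: it checks the caveats listed earlier (NTFS volume, System and compressed files), encrypts the folder, and reports anything still unencrypted. The path C:\RestrictedData is a placeholder, and the folder is assumed to be on a local drive.

```powershell
# Added example (not from the original page). $Folder is a placeholder path
# and is assumed to be on a local drive, not a network share.
param([string]$Folder = 'C:\RestrictedData')

$dir = Get-Item -LiteralPath $Folder -ErrorAction Stop

# EFS only works on NTFS volumes.
$format = (New-Object System.IO.DriveInfo $dir.Root.FullName).DriveFormat
if ($format -ne 'NTFS') { throw "$Folder is on a $format volume; EFS needs NTFS." }

$all = @($dir) + @(Get-ChildItem -LiteralPath $Folder -Recurse -Force)

# Files marked with the System attribute cannot be encrypted: report and skip.
$skipped = @($all | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::System })
$targets = @($all | Where-Object { -not ($_.Attributes -band [System.IO.FileAttributes]::System) })
$skipped | ForEach-Object { Write-Warning "System attribute, skipped: $($_.FullName)" }

# Encrypting a compressed item uncompresses it, so list what will change.
$targets | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Compressed } |
    ForEach-Object { Write-Warning "Will be uncompressed: $($_.FullName)" }

# Folders first, so files created later are encrypted, then the existing files.
# File.Encrypt wraps the Win32 EncryptFile call, which accepts folders as well.
foreach ($t in ($targets | Sort-Object { -not $_.PSIsContainer })) {
    try   { [System.IO.File]::Encrypt($t.FullName) }
    catch { Write-Warning "Failed: $($t.FullName): $($_.Exception.Message)" }
}

# Audit: re-read the attributes and list anything still stored unencrypted.
$clear = @(@(Get-Item -LiteralPath $Folder) +
           @(Get-ChildItem -LiteralPath $Folder -Recurse -Force) |
    Where-Object { -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) })

[pscustomobject]@{
    Folder        = $dir.FullName
    ItemsChecked  = $all.Count
    SkippedSystem = $skipped.Count
    NotEncrypted  = $clear.Count
}
$clear | ForEach-Object { Write-Warning "Not encrypted: $($_.FullName)" }
```

Run it as the user who will own the data, since EFS encrypts with the key of the account performing the operation.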
