Have you ever concern about security of your data? What if someone stolen your storage device or laptop which you have some privacy information on there? Or you have some private data that keep on a PC or laptop and don’t want other to access them.
On Windows, it has EFS which helps protecting data from unauthorized user to access it. EFS (Encrypting File System) is a feature on Microsoft Windows XP Professional (Not available in Home Edition) and Windows Server 2003 that encrypt files or folders on disk with user’s key. Other users who hasn’t this key can’t decrypt the files so that they can’t read or copy the files. The encryption and decryption will be performed on background, no need to perform additional task for user.
Note: With this approach, it’ll be useless if others knows your password. They can login with your account and have all access as it was you.
Below, the example shows how to implement EFS on Windows XP Professional which is a stand-alone computer. For a computer that is joined to a domain, it’ll diferrent from here. You have to configure addtional steps on domain controller.
Encrypt file or folder
- In this example, I’ll encrypt a folder called ‘Data’ and all files in this folder.
- There is a file called ‘test.txt’ in the folder which content as the figure below.
- Next, I’ll set encryption on this folder. Right click on the folder and select Properties.
- On General tab, click Advanced.
- On Advanced Attributes, check “Encrypt contents to secure data“.
- When you clicked OK, it’ll ask you to confirm changing attributes of the folders and files. I selected “Apply changes to this folder, sub-folders and files“.
- Now the folder is encrypted. You’ll see the text-color of the folder changed from black to green.
Note: You’ll notice that you can still view, modify the content of files as the same before enable encryption. But right now, others may not which I’ll show in a few steps. This is why you have to secure your password.
- If the text-color doesn’t changed, open Folder Options in Tools.
- On Folder Options, select View tab and browse to the bottom. Check “Show encrypted or compressed NTFS files in color“. The text-color should be changed now.
- Next,try to login as another user and see if this user can access the file.
- Try to open ‘test.txt’ and it show access denied.
Note: When you have encrypted the folders or files, you can
Decrypt file or folder
- To decrypt, select folders or files that you want ti decrypt -> select Advanced -> uncheck “Encrypt contents to secure data” in Advanced Attributes.
- Click OK to confirm.
- Now the folder and all files in the folder are decrypted.
EFS can be useful if you learn and plan it wisely. It can enhance the security without spending a dime. In the other ways, it may be problem if you don’t learn its pros and cons. For instance, recovery plan in case of the key is lost (backup and restore a certificate).
For more information, see these links below:
- Encrypting File System in Windows XP and Windows Server 2003
- Where Does EFS Fit into your Security Plan?
- How Secure Is Encrypted File System?