Secure data on Windows XP Pro using EFS

Have you ever concern about security of your data? What if someone stolen your storage device or laptop which you have some privacy information on there? Or you have some private data that keep on a PC or laptop and don’t want other to access them.

On Windows, it has EFS which helps protecting data from unauthorized user to access it. EFS (Encrypting File System) is a feature on Microsoft Windows XP Professional (Not available in Home Edition) and Windows Server 2003 that encrypt files or folders on disk with user’s key. Other users who hasn’t this key can’t decrypt the files so that they can’t read or copy the files. The encryption and decryption will be performed on background, no need to perform additional task for user.

Note: With this approach, it’ll be useless if others knows your password. They can login with your account and have all access as it was you.

Below, the example shows how to implement EFS on Windows XP Professional which is a stand-alone computer. For a computer that is joined to a domain, it’ll diferrent from here. You have to configure addtional steps on domain controller.

Sections

  1. Encrypt file or folder
  2. Decrypt file or folder

Step-by-step

Encrypt file or folder

  1. In this example, I’ll encrypt a folder called ‘Data’ and all files in this folder.
    The folder to be encrypted
  2. There is a file called ‘test.txt’ in the folder which content as the figure below.
    The file to be encrypted
  3. Next, I’ll set encryption on this folder. Right click on the folder and select Properties.
    Open Properties
  4. On General tab, click Advanced.
    Open Advanced Attributes
  5. On Advanced Attributes, check “Encrypt contents to secure data“.
    Check 'Encrypt contents to secure data'
  6. When you clicked OK, it’ll ask you to confirm changing attributes of the folders and files. I selected “Apply changes to this folder, sub-folders and files“.
    Apply changes to this folder, sub-folders and files
  7. Now the folder is encrypted. You’ll see the text-color of the folder changed from black to green.
    Note: You’ll notice that you can still view, modify the content of files as the same before enable encryption. But right now, others may not which I’ll show in a few steps. This is why you have to secure your password.
    The encrypted folder
  8. If the text-color doesn’t changed, open Folder Options in Tools.
    Open Folder Options
  9. On Folder Options, select View tab and browse to the bottom. Check “Show encrypted or compressed NTFS files in color“. The text-color should be changed now.
    Check 'Show encrypted or compressed NTFS files in color'
  10. Next,try to login as another user and see if this user can access the file.
    Login as differrent user
  11. Try to open ‘test.txt’ and it show access denied.
    Note: When you have encrypted the folders or files, you can
    Try to view the encrypted file

Back to top

Decrypt file or folder

  1. To decrypt, select folders or files that you want ti decrypt -> select Advanced -> uncheck “Encrypt contents to secure data” in Advanced Attributes.
    Uncheck 'Encrypt contents to secure data'
  2. Click OK to confirm.
    Apply changes to this folder, sub-folders and files
  3. Now the folder and all files in the folder are decrypted.
    The decrypted folder

Back to top

Summary

EFS can be useful if you learn and plan it wisely. It can enhance the security without spending a dime. In the other ways, it may be problem if you don’t learn its pros and cons. For instance, recovery plan in case of the key is lost (backup and restore a certificate).

For more information, see these links below:

9 Comments

  1. prashant July 18, 2008
  2. linglom July 18, 2008
  3. Harry September 7, 2008
  4. mused September 8, 2008
  5. mused September 8, 2008
  6. Harry September 8, 2008
  7. mused September 9, 2008
  8. mused September 9, 2008
  9. linglom September 14, 2008

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.