Things You Need To Know About Using EFS To Secure And Protect Your Data in Windows 7

Encrypting your data is the best way to keep it safe. If the data on your computer is not encrypted, anyone who manages to get their hands on your computer can also get access to your data, even when they don’t have your password. So it’s crucial that you use some form of encryption to secure your data, especially when you save it on a mobile computer like a laptop you carry and use on a daily basis.

Windows 7 offers a full disk encryption feature, BitLocker, out of the box, but unfortunately it’s only available on the Ultimate or Enterprise edition. Windows 8 is a little better in that the Pro version already comes with it. People who use the other Windows 7 or 8 editions will have to seek alternatives if they want similar full-disk encryption. TrueCrypt would be an excellent product to consider, but unfortunately, the development of this awesome open source tool ceased in May 2014.

Both Windows 7 and 8 also have another form of encryption built right into their main disk format, NTFS. EFS, which stands for Encrypting File System, is a feature introduced way back in Windows 2000 that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

What is required?

As long as your partition is formatted as NTFS and you are running Windows 7 Professional or a higher edition, you can use this encryption option to secure your data.

How to use it?

1. Right-click the folder or file you want to encrypt and go to Properties, which opens the file/folder properties window.

2. Then, click the Advanced… button to open the Advanced Attributes window.

3. Tick the option Encrypt contents to secure data, and hit OK.

4. Done, and rest assured.

Cool tip: you can also encrypt a specific file or folder from the PowerShell console.

(Get-Item -path 'path\filename').Encrypt()

Use Decrypt() in the same way to decrypt EFS-encrypted files.

How to tell if a folder or file is encrypted?

All folders or files that are successfully encrypted are shown in green.
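
The green colour reflects the NTFS "Encrypted" file attribute, which can also be read from PowerShell. The script below is an added example, not part of the original article: it lists the encrypted items under a folder and warns when the volume is not NTFS. The folder in $Root and the function name Get-EfsStatus are assumptions chosen for illustration, and the path is assumed to be on a local drive letter.

```powershell
# Added example: report which items under a folder carry the EFS "Encrypted" attribute.
$Root = "$env:USERPROFILE\Documents"   # placeholder folder (assumption)

function Get-EfsStatus {               # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    # EFS only exists on NTFS, so check the volume's file system first.
    $full      = (Resolve-Path -LiteralPath $Path).ProviderPath
    $driveName = [System.IO.Path]::GetPathRoot($full)
    $drive     = New-Object System.IO.DriveInfo $driveName
    if ($drive.DriveFormat -ne 'NTFS') {
        Write-Warning "$driveName is $($drive.DriveFormat); EFS is not available there."
    }

    # Walk the tree and test the Encrypted bit on every file and folder.
    Get-ChildItem -LiteralPath $full -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $flag = [System.IO.FileAttributes]::Encrypted
            New-Object PSObject -Property @{
                Path      = $_.FullName
                IsFolder  = $_.PSIsContainer
                Encrypted = (($_.Attributes -band $flag) -ne 0)
            }
        }
}

$items     = @(Get-EfsStatus -Path $Root)
$encrypted = @($items | Where-Object { $_.Encrypted })
$plain     = @($items | Where-Object { -not $_.Encrypted -and -not $_.IsFolder })

# Encrypted items first, then a one-line summary including files left in the clear.
$encrypted | Select-Object Path, IsFolder | Format-Table -AutoSize
"{0} encrypted item(s), {1} unencrypted file(s) under {2}" -f `
    $encrypted.Count, $plain.Count, $Root
```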

Back up your encryption certificate with the private key

Because the data is encrypted using your very own Encryption Certificate, it’s crucial that you back this certificate up, together with its private key, to external storage to keep it safe and separate.

Your encryption certificate is created automatically the first time you turn on encryption for a folder or file. It’s recommended that you back it up immediately afterwards with a strong password. Both Windows 7 and 8 have made this very easy to do with an easy-to-follow wizard.

1. Type “Encryption Certificates” in the search box of the Start menu to open the Manage File Encryption Certificates wizard.

2. Follow the wizard to pick the valid certificate and back it up.

If you don’t see a certificate listed in the wizard, you can also create a new one for yourself.
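
A scripted counterpart to the wizard, as an added example that is not part of the original article: it finds the current user's EFS certificates by their "Encrypting File System" enhanced key usage and exports each one, with its private key, to a password-protected .pfx file. The backup folder E:\efs-backup and the function name Test-EfsCertificate are assumptions; the folder must already exist.

```powershell
# Added example: back up the current user's EFS certificate(s) with the private key.
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage
$BackupDir = 'E:\efs-backup'            # placeholder: existing folder on external storage

function Test-EfsCertificate {          # hypothetical helper name
    param($Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($usage in $ext.EnhancedKeyUsages) {
                if ($usage.Value -eq $EfsOid) { return $true }
            }
        }
    }
    return $false
}

$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { Test-EfsCertificate $_ })
if ($efsCerts.Count -eq 0) {
    Write-Warning 'No EFS certificate found; Windows creates one when you first encrypt a file.'
    return
}

$password = Read-Host -AsSecureString 'Password to protect the backup'
$pfxType  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx

foreach ($cert in $efsCerts) {
    # A certificate without its private key cannot decrypt anything after a reinstall.
    if (-not $cert.HasPrivateKey) {
        Write-Warning "$($cert.Thumbprint): private key missing on this machine, skipped."
        continue
    }
    try {
        $bytes  = $cert.Export($pfxType, $password)   # throws if the key is not exportable
        $target = Join-Path $BackupDir "efs-$($cert.Thumbprint).pfx"
        [System.IO.File]::WriteAllBytes($target, $bytes)
        "{0}  expires {1:d}  ->  {2}" -f $cert.Subject, $cert.NotAfter, $target
    }
    catch {
        Write-Warning "$($cert.Thumbprint): export failed: $($_.Exception.Message)"
    }
}
```

Without this .pfx and its password, files that stay encrypted cannot be opened after Windows is reinstalled.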

How to decrypt the folder/file?

That’s easy: simply uncheck the Encrypt contents to secure data option in the Advanced Attributes window, and hit OK.

Which form of encryption does Windows 7 use on EFS?

Windows 7/8 uses AES, the Advanced Encryption Standard, to encrypt the data when using EFS. AES is a form of encryption adopted by the US government in 2001. It’s a more secure form of encryption than its predecessor, DES. It also supports a mixed mode operation of ECC and RSA algorithms for backward compatibility.

Using EFS as a wiping tool to wipe clean deleted data

This is another very cool tip and a nice way of using the EFS feature. Windows has a built-in command-line tool called Cipher, designed primarily for encrypting and decrypting data with EFS on drives that use the NTFS file system.

The cool thing about this tool is that with the /w switch you can turn Cipher into a nice data wiping tool that overwrites deleted data in a specified folder on a specified volume. For example, after running the following command, the deleted data in my downloads folder will be overwritten and wiped clean.

cipher /w:z:\downloads

A few final notes

  • Again, EFS is only supported for folders/files saved on an NTFS partition on Windows 7 Professional, Ultimate, and Enterprise editions.
  • EFS doesn’t prevent people from seeing the name of the file and what’s in the folder. In other words, even though you have your folder or file encrypted, people can still see the file name and the list of files in the folder. However, when people try to access them on a computer that doesn’t have the right certificate installed, they will get an access denied message.
  • Encryption would be removed automatically if the data was moved or copied to a non-encrypted folder or external drive.
  • There is much more to say about the encryption, but we will save that for another day.

If you have any questions or concerns, please leave them in the comments.

Kent Chen

Microsoft MVP, IT Professional, Developer, Geek, and the co-founder of Next of Windows.

Last updated: 07/12/2016

Guest
Guest
Hi, I copied some files from my computer to my external hard drive and then installed a new window on my computer. Now when I want to copy the data from my external hard drive back to my computer (with new Windows installed), it says access denied for some files which are in green color. I see in their advanced properties that “Encrypt contents to secure data” is checked and I can’t uncheck it as it says access is denied. Seems like I accidentally encrypted some of the files before copying them in the external hard drive. I definitely… Read more »
Erwin
Guest
Hi, I copied some files from my computer to my external hard drive and then installed a new window on my computer. Now when I want to copy the data from my external hard drive back into my computer (with new Windows installed), it says ‘access is denied’ for some files which are in green color. I see in their advanced properties that “Encrypt contents to secure data” is checked and I can not uncheck it as it says access is denied. Seems like I accidentally encrypted some of the files before copying them in the external hard drive.… Read more »