The Complete EFS (Encrypted File System) Tutorial

July 11th, 2007

NTFS5, the native file system used by Windows XP has a very cool feature called EFS, or Encrypted File System. EFS is an invisible file encryption method that is built directly into the file system. This provides an extra layer of protection for keeping your folders private.

This guide will explain what it is and how to use it effectively. Please note that the EFS features have been removed from Windows XP Home Edition. “Removed?” you ask. Yes, removed: as I said, EFS is built into NTFS (NT File System), but the ability to enable it has been removed from XP Home Edition.

So which operating systems have this feature? Any Microsoft operating system from Windows 2000 onward has it. However, only the Professional and Server releases have it enabled. So here’s the list as it stands at the time of this writing.

Windows 2000 Pro or Server, Windows XP 32-bit Pro, Windows XP 64-bit Pro, and Windows Server 2003. I’m not sure, but I assume the same rule will apply to Windows Vista releases.

So the techies might be asking, “How can they remove EFS if it’s native to the file system?” The answer: the Home and Pro versions use different NTFS drivers.

Encrypting a File or Folder with EFS

  1. Browse to a file or folder in either My Computer or Explorer, right-click and choose Properties…
  2. Click the Advanced… button
  3. Put a checkmark in the box that says “Encrypt contents to secure data” and click OK
  4. Click OK to close the Properties dialog.
  5. If you are changing a folder that already contains files, you will receive a confirmation dialog. Click OK.

The process for removing the EFS attribute is just the opposite of the above: follow the same procedure and clear the checkmark we just added.
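The same encrypt/verify/decrypt round trip, done from PowerShell instead of the Properties dialog. This is an added example, not code from the original post: it uses the built-in cipher.exe (present on Windows 2000 and later) and checks the same Encrypted attribute that the “Encrypt contents to secure data” checkbox sets. The folder and file paths are hypothetical, and it assumes an NTFS volume on an edition where EFS is enabled.

```powershell
# Added example (not from the original post): EFS from the command line.
# Assumes NTFS and an edition with EFS enabled (2000 Pro/Server, XP Pro, Server 2003).
# $folder and $file are hypothetical paths; change them to suit.
$folder = 'C:\Private'
$file   = Join-Path $folder 'notes.txt'

New-Item -ItemType Directory -Path $folder -Force | Out-Null
'constructed sample content' | Set-Content -Path $file

function Test-EfsEncrypted([string]$Path) {
    # FileAttributes.Encrypted is the flag the "Encrypt contents" checkbox toggles.
    $attrs = (Get-Item -LiteralPath $Path -Force).Attributes
    return (($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0)
}

# Steps 1-5 of the dialog procedure in one command:
#   /E      set the encrypt attribute
#   /S:dir  apply to the folder and everything below it
#   /A      operate on files as well as directories
cipher.exe /E /S:$folder /A | Out-Null
"Encrypted after cipher /E: " + (Test-EfsEncrypted $file)

# The reverse procedure (clearing the checkbox) is cipher /D.
cipher.exe /D /S:$folder /A | Out-Null
"Encrypted after cipher /D: " + (Test-EfsEncrypted $file)
```

Encrypting the folder as well as its files matters: a file whose parent folder is not marked encrypted can silently lose the attribute when an application rewrites it by creating a new file and renaming it over the old one.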

Okay, so now we know how to do it, but how does EFS work? Well, I’m going to be as basic as possible in my approach. I’m not about to begin trying to explain encryption in this single post.

Basically, your computer creates a sort of password hash using your user information, then applies it to an algorithm and encodes your files. In plain English, that means that without being logged on with your user ID and password, the computer literally cannot read the file’s contents. You might compare it to trying to read an Arabic newspaper. (That, of course, assumes you can’t read Arabic.)

By default EFS uses DESX (56-bit) in Windows 2000 and DESX (128-bit) in Windows XP. Windows XP SP1 and higher use AES (256-bit) by default. Optionally, 3DES (168-bit) may be used in Windows XP and Windows 2003 (and in Windows 2000 with the High Encryption Pack). All of these algorithms use a random cipher key, so they provide fairly strong encryption. Your average Joe is not going to crack this thing in any reasonable amount of time, especially if you use a strong Windows password. Also note that 3DES complies with Federal Information Processing Standards (FIPS 140-1 Level 1) and is significantly stronger than the default DESX encryption. You have to enable the use of 3DES; I’ll show you that later in this article.

Now we have a basic understanding of what it does and how to do it, but is there anything else we should know? Well, yes. Let’s suppose you reload Windows and can’t log on with the user that originally encrypted the files. (Even recreating a user with the same name will not work.) You won’t be able to view the files because your current user won’t be able to decrypt them. That could make for a big nightmare.
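Before a reload, the practical check is to know which files depend on the current user’s EFS key and to make a backup of that key. The script below is an added example, not from the original post: it inventories EFS-encrypted files under a folder, finds the current user’s EFS certificate in the personal store (identified by the Encrypting File System enhanced key usage OID 1.3.6.1.4.1.311.10.3.4), and exports certificate plus private key with cipher /X, which exists on Windows XP SP2 and later. The $root and $backup paths are hypothetical.

```powershell
# Added example (not from the original post): what to check before reloading Windows.
# Assumes XP SP2 or later for cipher /X. $root and $backup are hypothetical paths.
$root   = 'C:\Documents and Settings\me'
$backup = 'C:\efs-backup'

function Get-EfsEncryptedFile([string]$Path) {
    # Every file carrying the Encrypted attribute becomes unreadable if the
    # user's EFS private key is lost.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       (($_.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0) }
}

function Get-EfsCertificate {
    # The EFS certificate is the one in Cert:\CurrentUser\My whose Enhanced Key
    # Usage extension lists the Encrypting File System OID.
    $efsOid = '1.3.6.1.4.1.311.10.3.4'
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsOid })
    }
}

# 1. Inventory: how many files are at risk, and where.
$encrypted = @(Get-EfsEncryptedFile $root)
"{0} EFS-encrypted file(s) under {1}" -f $encrypted.Count, $root
$encrypted | Select-Object -ExpandProperty FullName

# 2. Which key they depend on.
Get-EfsCertificate | Select-Object Thumbprint, Subject, NotAfter

# 3. Back up certificate and private key to a password-protected .pfx that a
#    fresh installation can import. cipher prompts for the password interactively.
New-Item -ItemType Directory -Path $backup -Force | Out-Null
cipher.exe /X (Join-Path $backup 'efs-key')
```

Keep the resulting .pfx somewhere other than the volume you are about to reload; the inventory list is also worth keeping, so that after importing the key you can confirm every file on it opens again.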
