Learn how to encrypt files using the EFS (Encrypting File System).
- [Instructor] In this movie, I introduce encrypting files with the encrypting file system, usually referred to as EFS. EFS is a feature of Windows that provides file system level encryption on NTFS volumes and is a simple way to keep your information secure. EFS encryption doesn't occur at the application level, but rather at the file system level so the encryption and decryption process is completely transparent to both the user and to the application. Applications don't have to understand EFS or even manage EFS encrypted files any differently than they would any other types of unencrypted files.
The encryption and decryption process requires either a private key stored in your profile or a master recovery key stored by a designated recovery agent. Private key is protected with your pass phrase. With this pass phrase the file opens without any additional effort on the users part. If the user doesn't possess the key, then they receive an access denied error message. Encrypting a file or folder is very simple, let me demonstrate. Simply right click on the file that you want to encrypt. Choose properties from the contextual menu and then here in the properties dialogue, click on the advanced button on the bottom.
And there's an option here, encrypt contents to secure data, check that, click okay. Let that finish encrypting, click the apply button, and then after that's applied, it'll go grey, click okay to close the dialogue. And you can also encrypt a folder and choose to encrypt then, anything inside the folder. Let's go ahead and right click on the folder, choose properties, click the advanced button. Choose the encrypt contents to secure data option.
Click okay. And then now when you click apply, you get this dialogue. You've chosen to make the following attribute change, encrypt, do you want to apply this change to this folder only, or do you want to apply it to all the sub-folders and files as well, so either option here. To the folder only or to anything inside the folder, including sub-folders and all files, and click okay. And then okay one more time to close the dialogue.
Decrypting a file or folder is also very straight forward. Simply right click on the file, choose properties, advanced, and then simply uncheck the encrypt contents to secure data option, click okay. And then okay to close the dialogue, That'll close as soon as it's done decrypting that. And likewise on the folder, right click, choose properties, advanced, and unchecked the encrypt contents to secure data option, click okay.
Again, you'll get this option here, apply the changes to this folder only or decrypt the entire folder, sub-folders, and files. And then once that's done decrypting it, dialogue will close. Now some key features of EFS include, encryption is powerful and simple, just a single click in the folder's properties option, and turn it on and also turn it off, as I just demonstrated. You'll have control over who can read the files.
Files are encrypted when you close them, but are automatically ready to use when you open them. And finally, where Bitlocker, which I cover later, is essentially a Windows feature that can encrypt an entire drive, EFS takes advantage of features in the NTFS files system itself. Now many IT pros feel it's better to use full disk encryption in the form of Bitlocker, it's considered more secure and more of a set-it and forget-it solution that you can enable once and forget about it, I go over in more detail the differences between these two encryption options in the next movie.
This course is also part of a series designed to help you prepare for the Microsoft exam 70-697: Configuring Windows Devices.
- Enabling disk write caching
- Creating spanned and striped volumes
- Configuring Storage Spaces
- Configuring OneDrive
- Enabling USB drives
- Clearing caches
- Fixing drives
- Troubleshooting OneDrive
- Encrypting files with EFS
- Encrypting volumes and drives with BitLocker
- Configuring share permissions