Join Martin Guidry for an in-depth discussion in this video Working with the Encrypted File System (EFS), part of Windows 10 Administration.
- View Offline
- In this section, we're going to talk about encrypting individual files and folders in Windows 10. Off the Start menu, I'm going to type in Encryption, and we'll see one of the options is Manage File Encryption Certificates. We will need to create a certificate in order to encrypt our files. The first screen of this wizard just explains the encryption file system, known as EFS, and gives us a preview of what's going to happen in this wizard.
I'll click Next. I would like to create a new certificate, so I'll choose the radio button at the bottom. I have different options. The most secure option would be to use a certificate issued by my domain certification authority. This would be the most secure option and would allow the most functionality, allowing me to read my encrypted files over the network, but just for the purposes of a quick demonstration here, we'll go with the top item, a self-signed certificate.
I'll hit Next. It's asking me if I want to back up the certificate or not. Typically, it is a good idea to back it up, but for a demonstration, maybe not necessary, so, I'll say back up later. It's asking if I would like to update any previously encrypted files, and I can do that later, so I'll select the checkbox at the bottom, and hit Next. So, now it's given me a certificate and a key. I can go ahead and click View the Certificate, and it gives me some information about it.
Most of this is stuff that's not real interesting to a human being. The serial number and different information about the thumbprint is not really human readable. It should say that the key usage is for the encrypted file system, or EFS. So, I'll hit OK, and now I should be able to go to any file on my system. I'll just open up File Explorer and look in My Documents. I'll create a new text document.
I can right click on that now, go to Properties, on the General tab, near the bottom, I'll have the option for Advanced, and here is where I can encrypt the contents to secure data. Notice, just like with previous versions of Windows, we cannot compress and encrypt. It's only one or the other, and I would like to encrypt. I'll hit OK and then hit Apply. It's asking me if I would like to encrypt just the file or also the folder.
In this case, I'll go with just the file, and hit OK. Now the name of the file comes up in a different color, green in my case, showing that it is an encrypted file. Other than that, for me, it's going to function perfectly normal. I can open up the file just by double clicking on it. I can work with the file just as I could any other file, whether encrypted or not. The EFS encryption is transparent to the end user.
Whenever you access a file, it automatically decrypts it. Whenever you save a file, it automatically encrypts it. As long as you have access to the certificate. So, the whole key here is that I have access to the certificate that we created in the previous step. Any user who did not have access to that certificate would not be able to decrypt the file, would not be able to read it or work with it in any way.
Martin first reviews the various editions of both the desktop and mobile versions of Windows 10. This section covers the special features included with the Enterprise edition, and the hardware requirements for some of the new Windows 10 features. Martin also explains installing and updating drivers and configuring and optimizing the OS, including system properties and power options. Then it's a deep dive into Group Policy, including working with local groups, configuring preferences, and troubleshooting Group Policy. Martin also looks at Windows security—authentication and encryption—as well as the boot process, and concludes the course with a brief look at virtualization, networking, and backup and recovery.
- Understanding the different versions of Windows 10
- Installing and updating drivers
- Administering multitasking
- Working with Windows Group Policy
- Adding domain users and accounts to a Windows 10 PC
- Administering BitLocker and EFS
- Understanding the boot process
- Installing Client Hyper-V for Windows virtualization
- Managing Windows Firewall
- Backing up and restoring Windows 10
- Troubleshooting Windows 10