Did you know Windows XP, Windows 7, Windows 8 and 8.1 include an easy to use and very secure encryption service that allows you to encrypt files and folders with just a few clicks? It’s called the Encrypted File Service or EFS. Years ago I wrote how to use EFS to encrypt files using automation and scripting however I never explained how to enable it the easy way — from the Windows Explorer Interface.
Before I review those steps however, here’s a brief summary on what EFS is and why you should enable it on sensitive or private files.
EFS is a built-in Encryption service which is built into Windows since the days of Windows XP. Once a file is encrypted using EFS, it can only be accessed by the Windows login that encrypted the file. Although other users on the same computer might be able to see your files, they will be unable to open them – including Administrators. Very handy if you want to keep certain files or folders private – and because EFS is built-in seamlessly to Windows, you won’t even notice it most of the time.
Let’s review now how to enable it. Although the screenshots and steps below are taken from Windows 8, the steps are the same for Windows 7 and Windows XP.
Note: Similar to BitLocker, Windows EFS is only supported with the Pro and Enterprise versions of Windows 8.1, Windows 8 and Windows 7. If you’re unsure what version of Windows you’re running, just launch Winver.exe which is built into all versions of Windows.
Right-Click the Folder or File you wish to encrypt and click Properties.
From the General Tab, click Advanced.
Check the box Encrypt contents to secure data and click OK.
If you’re encrypting a folder, Windows will ask if you want to encrypt just the single folder or all subfolders and files in the folder.
Click the radio button that works for you and click OK.
By default, after encrypting a file or folder with Windows EFS, it will turn green as shown below.
Because I chose to encrypt all subfolders and files, notice how they are also encrypted (green) as well.
I also recommend using EFS to encrypt sensitive data to protect you against the theft or sale of your PC. Because the encrypting key is associated to your Windows account and password, your data will be safe even if the data is ripped or your password hard reset.
Very simple and very easy just as I promised. Before you move on however there is one more thing you should do before you start encrypting your entire hard drive with EFS — Backup your EFS Private Key Certificate.
Backing up your EFS Cert. is an important next step in the event of a hard disk corruption or other scenario where you lose your EFS Certificate on your system. Backing it up only takes a few minutes so please don’t skip this next step.