One of the lesser known features of Windows is the Encrypted File System (EFS). The EFS allows you to quickly encrypt files and folders in the Windows system of your choice using your own user account. Since the files are being encrypted using the password of the Windows user account, other users on your system, including the administrator, cannot open, move, or modify the file and folders. This encryption system is helpful if you have files that are not so important but don’t want other users on your system to see them.
EFS is completely different from BitLocker; it is not as secure as BitLocker or other encryption software. This is because anyone with access to your user account can easily access the files and folders without the need for any extra password or authentication.
Note: you cannot encrypt entire drives or partitions using the EFS. It only works with files and folders.
Encrypt Files and Folders in Windows Using EFS
Encrypting files and folders using EFS is very easy. All you have to do is select a checkbox and back up the security certificate. To start, select the folder you want to encrypt with EFS, right-click on it and select the option “Properties.”
Once the Folder Properties window has been opened, click on the “Advanced” button on the General tab.
This action opens the Advanced Properties window. Select the “Encrypt contents to secure data” checkbox and click on the “OK” button.
You need to confirm the attribute changes. Simply select the “Apply changes to this folder, subfolders, and files” radio button, and click on the “OK” button.
As a visual indicator that you have successfuly encrypted the select files and folders with EFS, you will see a lock icon over all the encrypted files and folders.
Once you are done encrypting, Windows will prompt you to back up the encryption key so that you can decrypt the files and folders if you ever lose access to your user account. Find the backup icon in the taskbar and double-click on it.
This action will open the EFS Backup Dialog box. Select the option “Backup Now.”
As soon as you click on the option, the Certificate Wizard will open. Here click on the “Next” button to continue.
In this window make sure that the options are selected as shown in the image, and click on the “Next” button.
Now, select the “Password” checkbox, enter a strong password and click on the “Next” button to continue.
Click on the “Browse” button, and select where you want to save the certificate. On the main window click “Next” to continue.
Finally, Windows shows you a gist of all the settings you just performed. Review them and click on the “Finish” button.
Once the procedure has finished, you will receive a message letting you know the same. As I said before, this file is very important as it lets you decrypt your files and folders if you lose access to your Windows user account. Make sure that you’ve stored the certificate in a safe place.
After you are done encrypting the files, no user on your system can open your files, not even the administrator. If they try to they will receive a message similar to the one depicted below.
Moreover, they can’t even move or copy the files. If they try to do so, they will see an error message similar to the one depicted below.
Again, this is not the most secure way to encrypt your important or confidential files, but it is a good alternative for general usage. In the case you have confidential or important files, you are better of with BitLocker or other encryption software.
Do comment below sharing your thoughts and experiences about using your files and folder with EFS.