Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

In Windows, what is the Encrypting File System, and how can I use it to protect sensitive data?

The Encrypting File System (EFS) is a component of the NTFS file system on Windows 2000, Windows XP Professional, and Windows Server 2003; it allows you to encrypt files stored on your local computer or on a Windows 2000 or 2003 server. The encryption and decryption process requires either a private key stored in your profile, or a master recovery key stored by a designated "recovery agent"; for more on the master recovery key, see At IU, how can I recover Windows encrypted files without a private key? The private key is protected with your passphrase; without access to the master recovery key, therefore, anyone who gains access to the EFS encrypted file would need to know your passphrase to turn the encrypted data into usable information.

Important: As of April 8, 2014, Microsoft no longer supports Windows XP with security updates. To ensure the highest security standards, the UITS Support Center no longer registers Windows XP devices to the IU network. UITS strongly recommends that you look into the options for replacing or upgrading your Windows XP computers for full compatibility with IU systems. See About end of life for Windows XP.

To encrypt a file or folder:

  1. From the Start menu, select Programs or All Programs, then Accessories, and then Windows Explorer.

  2. Right-click the file or folder you want to encrypt, and then click Properties.

  3. On the General tab, click Advanced.

  4. Check Encrypt contents to secure data.

    • If you have chosen to encrypt a single file, you can also encrypt the folder that contains it. In the Encryption Warning window, select Encrypt the file and the parent folder. All files created in the encrypted folder will now be automatically encrypted.

    • If you encrypt a folder instead of a single file, you can encrypt all the contents of the folder as well. Select Apply changes to this folder, subfolders and files.

To decrypt a file or folder:

  1. From the Start menu, select Programs or All Programs, then Accessories, and then Windows Explorer.

  2. Right-click the file or folder you want to decrypt, and then click Properties.

  3. On the General tab, click Advanced.

  4. Clear the Encrypt contents to secure data checkbox, and then click OK.

When you decrypt a folder, you must decide whether to decrypt the folder only or to decrypt the folder and all files and subfolders contained within it. If you choose to decrypt the folder only, the files and subfolders within the folder remain encrypted. However, when you add new files and subfolders to the folder, they will not be automatically encrypted.

This information was adapted from the Microsoft article Encrypt or decrypt a folder or file.

This is document augh in domain all.
Last modified on March 25, 2014.

I need help with a computing problem

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.



Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

I have a comment for the Knowledge Base

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.