Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

In Windows, what is the Encrypting File System, and how can I use it to protect sensitive data?

The Encrypting File System (EFS) is a component of the NTFS file system on Windows 2000, Windows XP Professional, and Windows Server 2003; it allows you to encrypt files stored on your local computer or on a Windows 2000 or 2003 server. The encryption and decryption process requires either a private key stored in your profile, or a master recovery key stored by a designated "recovery agent"; for more on the master recovery key, see At IU, how can I recover Windows encrypted files without a private key? The private key is protected with your passphrase; without access to the master recovery key, therefore, anyone who gains access to the EFS encrypted file would need to know your passphrase to turn the encrypted data into usable information.

To encrypt a file or folder:

  1. From the Start menu, select Programs or All Programs, then Accessories, and then Windows Explorer.

  2. Right-click the file or folder you want to encrypt, and then click Properties.

  3. On the General tab, click Advanced.

  4. Check Encrypt contents to secure data.

    • If you have chosen to encrypt a single file, you can also encrypt the folder that contains it. In the Encryption Warning window, select Encrypt the file and the parent folder. All files created in the encrypted folder will now be automatically encrypted.

    • If you encrypt a folder instead of a single file, you can encrypt all the contents of the folder as well. Select Apply changes to this folder, subfolders and files.

To decrypt a file or folder:

  1. From the Start menu, select Programs or All Programs, then Accessories, and then Windows Explorer.

  2. Right-click the file or folder you want to decrypt, and then click Properties.

  3. On the General tab, click Advanced.

  4. Clear the Encrypt contents to secure data checkbox.

When you decrypt a folder, you must decide whether to decrypt the folder only or to decrypt the folder and all files and subfolders contained within it. If you choose to decrypt the folder only, the files and subfolders within the folder remain encrypted. However, when you add new files and subfolders to the folder, they will not be automatically encrypted.

This information was adapted from the Microsoft article Help keep your data safe.

This is document augh in domain all.
Last modified on May 13, 2009.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.