Using EFS

I will share my experience with setting encryption on files and folders and the resulting access that ensued. I will start with a play by play for each step, and follow that with observations.

I first created a folder on my “C” drive, and some files within that folder.  I then encrypt the folder, as shown below where it shows “Encrypt contents to secure data”:

image

Upon clicking OK and OK, I got the following message which confirmed that encryption was going to take place on not only the folder level, but also the document level. This will become an important step as we will see later in regards to the results when moving documents around.

image

The first test for success is simply making sure that the text of the folder name was green, which it was. This color indicates that folder or files are encrypted.

When either remote connecting with another ID, or logging on with another ID, I was able to browse and open the remote folder.  I was able to see the content within the folder, but I could not open the files within.

If I tried to open the files, I would get the following error:

image

To verify encryption was in place I used the “command-line” cipher command to check status of my folder. There was an “E” attribute preceding the file names indicating these were indeed encrypted.

I also tried dragging a file from an unencrypted folder over to the encrypted folder.  All files in the encrypted folder were green, including the unencrypted file after being moved there.

I also used the more sure fire method of seeing what is encrypted. I ran the “cipher” command on the encrypted folder, and all files were encrypted:

I then took the original unencrypted file that had become encrypted back to the unencrypted folder. The “green” (encryption) followed, which I also verified with the “cipher” command.

In essence I was able to set encryption property on my file by simply dragging it to the encrypted folder and back again. However, it does give me a warning that “new files added to this directory will not be encrypted.”  The reason for this is simple.  Though the file had become encrypted and retained this property setting, the unencrypted folder retains its unencrypted property too.

If you go back 2 posts to my post entitled “Using the Windows Encrypting File System”, and read the “Fourth EFS Warning”, you will see the importance of backing up the windows system certificate and storing it safely in another location.   I’ll conclude my EFS experience with showing how this is done:

Within my IE session I went into Internet Options, then Content, then Certificates.  I then I selected my computer’s Certificate ID.

image

I ran the “Export” function, and it exported my certificate onto my desktop.  I could then encrypt and store this in a safe place.

I hope this little exercise shows how easily we can encrypt files and folders with EFS, and how the encryption property rights get retained.

 

LP 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s