How to encrypt files and folders using EFS in Windows 10, 8.1 and Windows 7

Anonim

Many people know about BitLocker, the built-in encryption for disks and flash drives in Windows 10, 8.1 and Windows 7, which is available in the professional and corporate editions of the OS. Fewer people know about another built-in function for encrypting files and folders: EFS, the Encrypting File System.

This guide covers how EFS encryption works, how it lets you restrict access to important files and folders, how to restore access to the data if necessary, and how it differs from BitLocker. See also: encrypting disks and flash drives using BitLocker in Windows; encrypting files, folders, disks and flash drives in VeraCrypt; how to put a password on an archive.

  • How EFS Encryption works
  • How to encrypt folders and files using EFS
  • Restore access to encrypted EFS data or access to them under another account
  • Differences of BitLocker and EFS encryption in Windows
  • Additional Information

How EFS Encryption works

EFS lets you easily encrypt the contents of selected folders or individual files using system tools, so that they are available only to the user who encrypted them and only on the computer where the encryption was performed.

Other users on the same or another computer will see the files and their names on the drive, but will not be able to open them, even if they have administrator rights.

This method is less secure than BitLocker encryption, but if you have only a home edition of Windows 10, 8.1 or Windows 7, and the only task is to keep other users from seeing the contents of your files, EFS is a workable option: it is convenient and fast.

How to encrypt the folders and files contained in them using EFS

In the simplest case, the steps to encrypt a folder and its contents using EFS are as follows (available only for folders on NTFS disks and flash drives):

  1. Open the properties of the desired folder (right-click - Properties).
  2. In the "Attributes" section, click the "Other" button.
  3. Under "Compression and Encryption Attributes" in the next window, check "Encrypt the contents for data protection" and click OK.
  4. Click OK in the folder properties and apply the changes to the nested files and folders.
  5. Immediately afterwards, a system notification will appear offering to archive the encryption key. Click the notification.
  6. Click "Archive Now" (the key may be required to recover access to the data if you lose your account or access to this computer).
  7. The certificate export wizard will start. Click "Next" and leave the default settings. Click "Next" again.
  8. Set a password for the certificate containing the encryption keys.
  9. Specify the location of the file and click Finish. This file is useful for restoring access to the files after OS failures, or if you need to open EFS-encrypted files on another computer or under a different user (how to do that is described in the next section of this guide).

This completes the process: immediately after the procedure, all files in the folder you specified, both those already there and any newly created ones, will get a "lock" icon indicating that the files are encrypted.

They will open without problems within this account, but under other accounts and on other computers they will not open; the system will report that there is no access to the files. The structure of folders and files and their names will still be visible.

If you wish, you can do it the other way round: start by creating and saving certificates (including on a smart card), and then set the "Encrypt the contents for data protection" attribute. To do this, press Win + R, enter ReKeyWiz and press Enter.

After that, follow all the steps offered by the wizard for Encrypting File System (EFS) certificates. If necessary, you can also use ReKeyWiz to set a different certificate for another folder.

Restore access to encrypted files, opening them on another computer or under another Windows account

If for one reason or another (for example, after reinstalling Windows) you have lost the ability to open files in EFS-encrypted folders, or you need to open them on another computer or under a different user, this is easy to do:

  1. On the computer, in the account where you need access to the encrypted files, open the certificate file.
  2. The certificate import wizard opens automatically. For the basic scenario, the default parameters are enough.
  3. The only thing you will need to do is enter the password for the certificate.
  4. After a successful import, which is confirmed by a notification, the previously encrypted files will open on this computer under the current user.

Differences of the EFS encryption file system and BitLocker

The main differences between the encryption capabilities in Windows 10 - Windows 7:

  • BitLocker encrypts entire disks (including the system disk) or disk partitions, while EFS applies to individual files and folders. However, BitLocker encryption can also be applied to a virtual disk (which is stored as a regular file on the computer).
  • EFS encryption certificates are tied to a specific Windows account and stored in the system (the key can also be exported as a file to a flash drive or written to a smart card).
  • BitLocker encryption keys are either stored in the TPM hardware module or can be saved to an external drive. An unlocked BitLocker disk is equally available to all users of the system; moreover, if TPM was not used, such a disk can easily be opened on any other computer or laptop by entering the password.
  • With EFS, encryption has to be turned on manually for folders (files placed inside afterwards will be encrypted). With BitLocker, everything that gets onto an encrypted disk is encrypted on the fly.

From a security standpoint, BitLocker is more effective. However, if you just need to keep other Windows users from opening your files, and you use the home edition of the OS (where there is no BitLocker), EFS is suitable for this.

Additional Information

Some more information about using the EFS encryption file system in Windows:

  • EFS-encrypted files are not protected from deletion: any user on any computer can delete them.
  • The system includes the cipher.exe command-line utility, which can enable and disable EFS encryption for files and folders, work with certificates, and wipe the contents of encrypted folders on the hard disk by overwriting the information with random bytes.
  • If you need to delete EFS encryption certificates from a computer, you can do so as follows: go to Control Panel - Browser Properties. On the "Content" tab, click the "Certificates" button. Remove the unnecessary certificates: in their description at the bottom of the window, the "Certificate Assignment" field will show "Encrypting File System (EFS)".
  • In the same certificate management section of "Browser Properties", you can export a certificate file for use under a different user or on another computer.
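
The folder encryption and key archiving steps described earlier, done with the cipher.exe utility from the list above and checked from PowerShell. This is an added example, not part of the original article; the folder `D:\Private` and the backup path `E:\efs-backup` are assumptions.

```powershell
# Added example. $Folder and $Backup are assumed paths; adjust before running.
$Folder = 'D:\Private'        # folder to protect (assumption)
$Backup = 'E:\efs-backup'     # key backup target, no extension (assumption)

# EFS needs NTFS: stop early on FAT32/exFAT flash drives.
$root = [System.IO.Path]::GetPathRoot((Resolve-Path -LiteralPath $Folder).Path)
$fs   = (New-Object System.IO.DriveInfo $root).DriveFormat
if ($fs -ne 'NTFS') { throw "$root is formatted as $fs; EFS requires NTFS." }

# Steps 1-4 of the GUI procedure: /e encrypts, /s: includes all subfolders.
cipher.exe /e "/s:$Folder"

# Do not trust the lock icon alone: list files that lack the Encrypted attribute.
$plain = @(Get-ChildItem -LiteralPath $Folder -Recurse -File -Force |
    Where-Object { -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) })
if ($plain.Count -gt 0) {
    Write-Warning "$($plain.Count) file(s) are still unencrypted:"
    $plain | ForEach-Object { $_.FullName }
}

# /c shows which user certificates (by thumbprint) can decrypt a given file.
$sample = Get-ChildItem -LiteralPath $Folder -Recurse -File | Select-Object -First 1
if ($sample) { cipher.exe /c $sample.FullName }

# Steps 5-9: back up the current user's EFS certificate and private key.
# cipher asks for confirmation and a password, then writes "$Backup.PFX".
cipher.exe /x $Backup

# Restoring access under another account or on another computer
# (equivalent to the import wizard; cmdlet available on Windows 8 and later):
#   $pw = Read-Host -AsSecureString 'Backup password'
#   Import-PfxCertificate -FilePath "$Backup.PFX" -CertStoreLocation Cert:\CurrentUser\My -Password $pw

# Turning encryption off again for the folder and its contents:
#   cipher.exe /d "/s:$Folder"

# Overwriting deallocated (free) space on the volume that holds the folder,
# so remnants of earlier plaintext copies cannot be recovered. Slow on large disks.
#   cipher.exe /w:$Folder
```

Keep the resulting .PFX file off the computer that holds the encrypted data: anyone with the file and its password can open the files.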
