How to encrypt files and folders by EFS Windows 10

MODULE 9:- Data Protection 

  1. How to encrypt files and folders by EFS Windows 10
  2. How to Enable bitlocker windows 10 encryption – Full Guide
  3. How to use VeraCrypt portable, Truecrypt replacement in windows 10
  4. Data, file, full disk and Hard drive encryption software Veracrypt
  5. NTFS Alternate Data Streams For Beginner
  6. Top 10 steganography tools for Windows 10

This article will cover What is encrypted file system and Encrypt files and folders in windows 10, Export/Import EFS certificate and Key and Recover Encrypted file System and more ..

How to encrypt files and folders in W

Scenario:

Data protection is very important issue nowadays and the most common way of stealing data by physical access of system or hard disk, where your sensitive data are stored. If someone able to access your hard drive he can easily read all stored documents & other sensitive information from your computer easily. In other hand if you are a normal user of computer and another administrator users are able to access data without facing any problem. So he can read the official documents which consist sensitive information no matter you want to share with anyone or not. If you want to protect documents then you can encrypt files and folders in windows 10 and previous version. Encrypted file system is Windows feature allow you encrypt files and folders and protect data from stolen.

What is encrypted file system?

Encrypted File System is a feature integrated with Windows 10 and previous version (Windows XP and later) which allows users to encrypt files and folders and protect those to access by unauthorized. As you know if you have two user on single computer then administrator user can read the files saved by another user, but encrypted file could not. 

How to encrypt files and folders in Windows 10

  1. Right click on the folder you want to encrypt folder and its files and click on the properties
    Right click on the folder
  2. Click on the advanced button
     advanced button
  3. The new Advanced attributes Windows popup. here you can see in the compressor encrypt attributes on the bottom side so check on the encrypt contents to Secure data and press ok.
    popup
  4. Click on apply
  5. New window will be popup for confirming attribute changes here is two options apply changes to this folder only and under apply changes to this folder some folders and files so checked apply changes to this folder for folders and files then click on Ok
    confirming attribute changes

The new notification will pop up and said please backup your encryption certificate and key click on that and here is a option back up now that is the recommended for backing up encryption certificate and key 

certificate export

Follow the instructions are given below

  1. When you click on backup now the certificate export wizard  will start click on the next.
    certificate export wizard
  2. Click on Next
    Next
  3. in the new window for securing certificate and key by using password So check on the password and enter the password twice. Make sure your password should be strong.  Click on next.
    securing certificate and key by using password
  4. Provide the name and click on the next.
  5. It will ask for location where you want successfully export your certificate and private key backup file. Browse the location and give the file name. and click on the finish. export your certificate and private key backup file
  6. Now you can see your folder has been protected and you can see lock icon over folder.

Important Notes: Now go on the location where you exported certificate and copy this certificate and key in a safe location. you can put on one-drive provided by Microsoft so you can access anytime everywhere or store in Pen drive. Its totally depends on you.

What should you do, if you forget to backup your EFS certificate and key.

if you forget to take a backup of EFS certificate and key then you can do it later by following the simple methods are given below

Export EFS certificate and Key

  1. Press Windows + R Short key on keyboard and type certmgr.msc then press OK
    certmgr.msc
  2. The certificate manager for current user will be open Go to Personal > certificates > encrypted file system for current user. (my current user is Dell)
    certificate manager for current use
  3. Click on action > all tasks > export
  4. The certificate export wizard will be started click on Next
    certificate export wizard
  5. Select yes export the private key and next
  6. select personal information exchange and nextNext
  7. it will ask for the security of private key, so protect it by the password. Check on the password and set the password then click next
    securing certificate and key by using password
  8. Give the file name and location where you want to save the file I am going to save the file on the desktop letter I will copy on external device or I will put on a Microsoft account click on the Next
     export your certificate and private key backup file
  9. Click on the Finish.

Import EFS certificate and Key

By mistake you copied encrypted files in another computer without decrypting it. Then you will get access denied message at time of opening these files. If you want to get rid off this problem and want to access your files you must import EFS certificate and key of computer user from you copied files. You can import by follwoing the given steps, If you have backed up of EFS certificate and key.

  1. Press Windows + R Short key on keyboard and type certmgr.msc then press OK
    certmgr.msc
  2. Go to Personal > certificates > dont select anything here.
  3. Click on action > all tasks > Import
    dont select anything
  4. Certificate import wizard will be started, Click on Next.
    Certificate import wizar
  5. Browse file to import and Click on Next
    Browse file to import
  6. Enter the password what you have used to protect certificate and key file at the time of export. Click on Next.
    Enter the password
  7. Select Place all certificates in the Personal store.
  8. Completing the certificate import Wizard and click on Finish.

Disable EFS Encrypted File System

  1. Right click on the folder you want to decrypt folder and its files then click on the properties.
    Right click on the folder you want to decrypt
  2. Click on the Advanced advanced.
  3. Uncheck on the encrypt contents to Secure data and press OK.
    encrypt contents to Secure data
  4. Click on apply
    Click on apply
  5. Apply Changes to this folder, sub-folders and files. and Click OK.Changes to this folder, sub-folders and files
  6. After some time you will see your folder has been encrypted. Now there is no lock

Recover of EFS Encrypted File System – Video

I have described each and everything related EFS, what is important to know a normal user. Please let me know in comment box if left something.

Cheers!

Vijay Kumar

Ethical Hacking & Penetration Testing Trainer, For more detail view My Profile

Latest posts by Vijay Kumar (see all)

2 thoughts on “How to encrypt files and folders by EFS Windows 10

Leave a Reply

Your email address will not be published. Required fields are marked *