21.3. Encrypting Files and Folders: Business ¢ Enterprise ¢ UltimateIf your Documents folder contains nothing but laundry lists and letters to your mom, data security is probably not a major concern for you. But if there's some stuff on your hard drive that you'd rather keep privateyou know who you areWindows (Business Edition and higher) can help you out. The Encrypting File System (EFS) is an NTFS feature that stores your data in a coded format that only you can read. The beauty of EFS is that it's effortless and invisible to you, the authorized owner. Windows Vista automatically encrypts your files before storing them on the drive, and decrypts them again when you want to read or modify them. Anyone else who logs on to your computer, however, will find these files locked and off-limits. If you've read ahead to Chapter 23, of course, you might be frowning in confusion at this point. Isn't keeping private files private the whole point of Vista's accounts feature? Don't Vista's NTFS permissions (page 692) keep busybodies out already?
Yes, but encryption provides additional security. If, for example, you're a top-level agent assigned to protect your government's most closely guarded egg salad recipe, you can use NTFS permissions to deny all other users access to the file containing the information. Nobody but you can open the file in Windows Vista. However, a determined intruder from a foreign nation could conceivably boot the computer using another operating systemone that doesn't recognize the NTFS permissions systemand access the hard drive using a special program that reads the raw data stored there. If, however, you had encrypted the file using EFS, that raw data would appear as gibberish, foiling your crafty nemesis. 21.3.1. Using EFSYou use EFS to encrypt your folders and files in much the same way that you use NTFS compression. To encrypt a file or a folder, you open its Properties dialog box, click the Advanced button, turn on the "Encrypt contents to secure data" checkbox, and click OK (see Figure 21-7). (For a quicker way, see page 791.)
Depending on how much data you've selected, it may take some time for the encryption process to complete. Once the folders and files are encrypted, they appear in a different color from your compressed files (unless, once again, you've turned off the "Show encrypted or compressed NTFS files in color " option). Note: You can't encrypt certain files and folders, such as system files, or any files in the system root folder (usually the Windows folder). You can't encrypt files and folders on FAT 32 drives , either.Finally, note that you can't both encrypt and compress the same file or folder. If you attempt to encrypt a compressed file or folder, Windows Vista needs to decompress it first. You can, however, encrypt files that have been compressed using another technology, such as Zip files or compressed image files. After your files have been encrypted, you may be surprised to see that, other than their color change, nothing seems to have changed. You can open them the same way you always did, change them, and save them as usual. Vista is just doing its job: protecting these files with minimum inconvenience to you. Still, if you're having difficulty believing that your files are now protected by an invisible force field, try logging off and back on again with a different user name and password. When you try to open an encrypted file now, a message cheerfully informs you that you don't have the proper permissions to access the file. (For more on Windows Vista security, see Chapter 10.) 21.3.2. EFS RulesAny files or folders that you move into an EFS-encrypted folder get encrypted, too. But dragging a file out of it doesn't unprotect it; it remains encrypted as long as it's on an NTFS drive. A protected file loses its encryption only when:
By the way, EFS doesn't protect files from being deleted. Even if passing evildoers can't open your private file, they can still delete itunless you've protected it using Vista's permissions feature (Chapter 23). Here, again, truly protecting important material involves using several security mechanisms in combination.
|