Recipe 4.15. Encrypting a File or FolderProblemYou want to encrypt a file or folder so that other users cannot read its contents. SolutionUsing a graphical user interface
Using a command-line interfaceWith the cipher.exe command, you can encyrpt and decrypt files and folders. Running it without any options lists the files in the current directory with a flag indicating which ones are encrypted (U = unencrypted, E = encrypted): > cipher The following command encrypts a single file: > cipher /e /a <FileName> Here is an example: > cipher /e /a mysecretfile.doc The following command causes any new file added to the scripts directory to get encrypted. Existing files are not encrypted: > cipher /e d:\scripts The following command encrypts all files in a directory and any subdirectories: > cipher /e /f /a /s:d:\scripts This is the same command, with /e replaced by /d, which causes everything within the d:\scripts directory to become unencrypted: > cipher /d /f /a /s:d:\scripts DiscussionNTFS supports the Encrypting File System (EFS) for encrypting the contents of files. Similar to compression, EFS is built into the file system so encryption and decryption of EFS-enabled files and folders is seamless to the enduser. And just like compression, enabling EFS should only be done after much thought about its impact. EFS can have a significant hit on the performance of a server and the access times for files. For more on how to use EFS, including the recovery mechanisms built-in to EFS, see MS KB 324897. See AlsoMS KB 230520 (HOW TO: Encrypt Data Using EFS in Windows 2000), MS KB 298009 (Cipher.exe Security Tool for the Encrypting File System), and MS KB 324897 (HOW TO: Manage the Encrypting File System in Windows Server 2003 Enterprise Server) |