The Encrypting File System (EFS), new in Windows 2000, is a component that allows you to encrypt files on NTFS volumes so that only you can use them. When you encrypt a file or folder, Windows uses your encryption certificate and its private key to encrypt the data. Whenever you use the files (that is, when you're logged on with the same user account as when you originally encrypted the files), Windows uses the same certificate to decrypt the files. (It does this in the background, so you continue to use your encrypted files exactly the way you use nonencrypted files.) If anyone else attempts to open, copy, move, or rename any of your encrypted files, they'll be stopped by an access-denied message.
CAUTION
Any user who has Delete permission (one of the permissions included in Modify and Full Control access levels) can delete an encrypted file.
When you encrypt a folder, all files and subfolders in the folder are encrypted—including temporary files that some programs create while you edit a document. Therefore, for carefree automatic protection of your important files, you should encrypt folders rather than individual files. If you save most of your documents in the My Documents folder, it's a good candidate for encryption.
To encrypt a folder:
NOTE
You can't encrypt compressed files. If the files you choose to encrypt are already compressed, Windows clears the Compressed attribute.
If you're encrypting a folder, Windows then displays a confirmation message.
Remember that only your user account (along with your encryption certificate) can use the encrypted files. You can't share encrypted files with other users over a network, or even at the same workstation.
TIP
Back Up Your Encryption CertificateYou should keep a backup copy of your encryption certificate on a floppy disk in a safe place. If you lose your encryption certificate (which could happen, for example, if one of your hard disks fails), you can restore the backup copy and still be able to decrypt your files. To back up your encryption certificate:
- In Control Panel, open Users And Passwords.
- Click the Advanced tab and click Certificates.
- In the Certificates dialog box, click the Personal tab and then select the certificate with your user account name.
- Click Export to launch the Certificate Export Wizard, and follow its instructions.