1. Encrypt files or folders
Step 1: Open Windows Explorer.
Step 2: Right-click the file or folder you want to encrypt, and then click Properties.
Step 3: On the General tab, click Advanced. Select the Encrypt content to protect data check box
During the encryption process, you should also pay attention to the following five points:
1. To open Windows Explorer, click Start → Programs → Attachments, and then click Windows Explorer.
2. Only files and folders on NTFS partition volumes can be encrypted, and files and folders on FAT partition volumes can be invalid.
3. The compressed files or folders can also be encrypted. If you want to encrypt a compressed file or folder, the file or folder will be decompressed.
4. Files marked as "System" attribute cannot be encrypted, and files located in the systemroot directory structure cannot be encrypted.
5. When encrypting a folder, the system will ask whether to encrypt its subfolders at the same time. If you select Yes, its subfolders will also be encrypted, and all files and subfolders added to the folder will be automatically encrypted when added.
2. Decrypt files or folders
Step 1: Open Windows Explorer.
Step 2: Right-click the encrypted file or folder, and then click Properties.
Step 3: On the General tab, click Advanced.
Step 4: Clear the “Encrypt content to protect data” check box.
Similarly, we should pay attention to the following issues when using decryption:
1. To open "Windows Explorer", click "Start → Programs → Attachments", and then click "Windows Explorer".
2. When decrypting the folder, the system will ask whether you want to decrypt all files and subfolders in the folder at the same time. If you choose to decrypt only folders, the encrypted files and subfolders in the folder you want to decrypt are still encrypted. However, new files and folders created within the decrypted folder will not be automatically encrypted.
The above is the method of adding and decrypting files! And during the use process, we may encounter the following problems, so let’s explain the following:
1. Advanced buttons cannot be used
Cause: Encrypted file system (EFS) can only process files and folders on NTFS file system volumes. If the file or folder that is attempting to encrypt is on a FAT or FAT32 volume, the Advanced button does not appear in the properties of that file or folder.
Solution:
Convert volumes to NTFS volumes with conversion utility.
Open a command prompt.
Type: Convert [drive]/fs:ntfs
(drive is the drive letter of the target drive)
2. When the encrypted file is opened, the "Access Denied" message is displayed
Cause: The Encrypted File System (EFS) uses a public key certificate to encrypt the file, and the private key associated with the certificate is not available on this computer.
Solution:
Find the private key for the appropriate certificate and use the Certificate snap-in to import the private key to the computer and use it on the machine.
3. Solution to the problem that users encrypt files based on NTFS, and the encrypted files cannot be accessed after reinstalling the system (note: be sure to back up the encrypted user's certificate before reinstalling Win2000/XP):
Step 1: Log in to the computer with an encrypted user.
Step 2: Click "Start → Run", type "mmc", and then click "OK".
Step 3: On the Console menu, click Add/Remove snap-in, and then click Add.
Step 4: Under "Single snap-in", click "Certificate", and then click "Add".
Step 5: Click "My User Account", and then click "Finish" (as shown in Figure 2. If you encrypt the user is not an administrator, this window will not appear, go directly to the next step).
Step 6: Click Close, and then click OK.
Step 7: Double-click "Certificate-Current User", double-click "Personal", and then double-click "Certificate".
Step 8: Click the certificate with the words "Encrypted File" in the "Expected Purpose" column.
Step 9: Right-click the certificate, point to All Tasks, and then click Export.
Step 10: Export the certificate and related private keys in PFX file format as instructions in the Certificate Export Wizard (Note: It is recommended to export the certificate by "Export Private Key" method, which can ensure that the certificate is password protected to prevent others from stealing it. In addition, the certificate can only be saved to a directory where you have read and write permissions).
4. Save the certificate
Pay attention to saving the PFX file. After reinstalling the system, no matter which user you are under, just double-click this certificate file and import this private certificate to access the folder encrypted by the original user of the certificate under the NTFS system (note: the encrypted folder on the NTFS partition backed up using the backup recovery function cannot be restored to a non-NTFS partition).
Finally, I would like to mention that this certificate can also achieve the following purposes:
(1) Give different users permission to access encrypted folders
Export my certificate as "Export Private Key" and send the certificate to other local users who need to access this folder. Then he logs in, imports the certificate, and accesses to this folder.
(2) Recovery access permissions on WinXP machines to the previous encrypted folders backed up with the "Backup Recovery" program
Backup the encrypted folder with the "Backup Recovery" program, then copy the generated folder along with the certificate to another WinXP machine, and restore it with the "Backup Recovery" program (note: it can only be restored to the NTFS partition). Then import the certificate to access the recovered files.