Windows 8 : Working with file systems (part 4) - Understanding Encrypting File System, BitLocker

10/10/2014 9:21:58 PM

Understanding Encrypting File System

Windows and NTFS provide a method for each person using a computer to encrypt his or her files, folders, and drives. Encrypting File System (EFS) is a method used to encrypt files and determine who can access the files. No administrative privileges are needed to use EFS. To enable it for a folder, complete the following steps:

  1. Locate the folder in File Explorer.

  2. Press and hold or right-click the folder to be encrypted.

  3. Select Properties.

  4. On the General tab of the Properties dialog box, tap or click Advanced.

  5. Select the Encrypt Contents To Secure Data check box.

  6. Tap or click OK in the Advanced Attributes dialog box.

  7. Tap or click Apply in the Properties dialog box.

  8. Tap or click OK.

When the folder has been encrypted, a balloon appears, reminding you to back up your encryption key for the folder. Without that key, you cannot access the files or folders that are encrypted with EFS. The encryption key is stored with your user account information in the operating system; on a given computer, all the files you encrypt with EFS use the same key.

To back up the private key for your EFS-encrypted files, complete the following steps:

  1. Open a blank Microsoft Management Console by searching for MMC on the Start screen.

  2. Select File and Add/Remove Snap-In.

  3. Select the Certificates snap-in and tap or click Add.

  4. Select My User Account as the scope for which this snap-in will manage certificates.

  5. Tap or click Finish.

  6. Tap or click OK.

  7. In the Console window, expand Certificates - Current User.

  8. Expand Personal.

  9. Select Certificates.

  10. In the results pane, locate the certificate with Encrypting File System listed in the Intended Purposes column and tap or click to select it.

  11. Under the actions pane for the selected certificate, select More Actions.

  12. Select All Tasks.

  13. Tap or click Export.

    This opens the Certificate Export Wizard. Click Next.

  14. Select the Yes, Export The Private Key option and tap or click Next.

  15. Select the format for the export file as Personal Information Exchange.

  16. Select the option to include all certificates in the path if possible.

  17. Tap or click Next.

  18. Select the check box to use a password with the file.

  19. Type the password.

  20. Confirm the password.

  21. Tap or click Next.

  22. Specify the file name and path for the export and tap or click Next.

  23. Review the information about the export.

  24. Tap or click Finish to export the certificate and key.

  25. Tap or click OK in the Export Successful dialog box.
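The two procedures above can also be run from PowerShell, which is easier to repeat and to audit. This is an added example, not part of the original article: the folder and output paths are hypothetical, and it assumes Windows 8 or later (for `Export-PfxCertificate`) and an EFS private key that is marked exportable.

```powershell
# Added example, not from the original article. Paths below are hypothetical.
$Folder = 'C:\Data\Sensitive'            # folder to encrypt (assumed to exist)
$OutDir = "$env:USERPROFILE\Documents"   # where the .pfx backup is written

# First procedure: set the Encrypt attribute on the folder and its contents.
cipher.exe /e "/s:$Folder" | Out-Null
if (-not ((Get-Item $Folder).Attributes -band [IO.FileAttributes]::Encrypted)) {
    throw "EFS encryption was not applied to $Folder"
}

# Second procedure, steps 1-10: find the EFS certificate(s) under
# Certificates - Current User\Personal by their intended purpose.
$efsOid = '1.3.6.1.4.1.311.10.3.4'       # Encrypting File System enhanced key usage
$certs = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $efsOid)
})
if ($certs.Count -eq 0) { throw 'No EFS certificate with a private key was found.' }

# Steps 18-20: type and confirm the password that protects the export file.
$pw1 = Read-Host -AsSecureString 'PFX password'
$pw2 = Read-Host -AsSecureString 'Confirm PFX password'
$plain1 = (New-Object System.Net.NetworkCredential('', $pw1)).Password
$plain2 = (New-Object System.Net.NetworkCredential('', $pw2)).Password
# -cne is the case-sensitive comparison; plain -ne would ignore case.
if ($plain1.Length -eq 0 -or $plain1 -cne $plain2) {
    throw 'Passwords are empty or do not match.'
}
Remove-Variable plain1, plain2

# Steps 14-17 and 21-24: export certificate and private key as a PFX
# (Personal Information Exchange) file, including the chain where possible.
foreach ($cert in $certs) {
    $file = Join-Path $OutDir ('efs-{0}.pfx' -f $cert.Thumbprint)
    Export-PfxCertificate -Cert $cert -FilePath $file -Password $pw1 `
        -ChainOption BuildChain | Out-Null
    Write-Output "Exported $($cert.Subject) to $file"
}
```

The exported .pfx holds the private key, so store it off the computer and keep its password separate from the file.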

Note

SECURITY ALERT KEEPING THE EFS KEY

It is a good idea to export the EFS key to an easy-to-remember location on your computer. After the export is complete, locate the file and copy it to a location from which you can easily access the file if needed, such as a removable USB drive.

Encryption is an easy way to enable each person to secure his or her files and folders on a computer. For some, this can provide peace of mind when storing files that contain sensitive information on any computer. Remember, however, that the key automatically decrypts files when they are opened by the user who encrypted them; if others gain access to that user account, the files could be compromised.

Important

RECOVERING EFS-ENCRYPTED FILES

Files encrypted with EFS cannot be recovered without the private key. It is extremely important for the key to be backed up and kept in a safe place. If people in your organization intend to use EFS, ensuring that the keys are backed up regularly in case recovery is needed might be a good idea.

BitLocker

Microsoft BitLocker is a whole-disk encryption method available in Windows 8 Professional and Enterprise editions. Like EFS, BitLocker encrypts files so that access to them is secured for their owner. It differs from EFS in that it works at the disk level, whereas EFS applies encryption to the individual folders or files you select. In many cases, BitLocker is easier to configure because it is enabled per disk or volume.

BitLocker is ideal for mobile devices such as laptops and tablets because the entire device can be misplaced. With BitLocker enabled on these devices, data cannot be decrypted by whoever has possession of the mobile device.

Using BitLocker requires either a Trusted Platform Module (TPM) to exist on the computer or a policy to be applied that allows BitLocker to run without TPM.

To configure BitLocker, complete the following steps:

  1. From Control Panel, open BitLocker Drive Encryption.

  2. Select the drive on which you would like to enable BitLocker.

  3. Select the Turn On BitLocker link.

    BitLocker encrypts the volume, which might take some time.

In addition to BitLocker, Windows 8 supports BitLocker To Go, which applies BitLocker encryption to removable volumes. This makes data on removable media inaccessible without the encryption key.

Note

USING BITLOCKER WITHOUT TPM

Computers and devices without TPM capabilities can also use BitLocker. To do this, a Group Policy setting must be enabled that allows additional authentication at startup. Using additional authentication, such as a USB key with an encryption key stored on it, enables you to prove to Windows and BitLocker who you are and that you should be allowed access to this data. The policy can be found in Computer Configuration\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require Additional Authentication At Startup.
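To check the TPM requirement, the no-TPM policy, and the resulting state of each volume, a read-only audit like the following can be run from an elevated PowerShell prompt. This is an added example, not part of the original article; it assumes the BitLocker and TrustedPlatformModule modules that ship with Windows 8, and that the policy named above is stored as the `UseAdvancedStartup` and `EnableBDEWithNoTPM` values under `HKLM:\SOFTWARE\Policies\Microsoft\FVE`.

```powershell
# Added example, not from the original article. Read-only; run elevated.

# 1. Is a TPM present and ready for use?
$tpm = Get-Tpm
$tpmUsable = $tpm.TpmPresent -and $tpm.TpmReady

# 2. Is "Require Additional Authentication At Startup" enabled with
#    BitLocker allowed without a compatible TPM? (Assumed registry backing
#    of that policy; both values are 1 when the option is set.)
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                        -ErrorAction SilentlyContinue
$noTpmAllowed = ($fve.UseAdvancedStartup -eq 1) -and ($fve.EnableBDEWithNoTPM -eq 1)

Write-Output "TPM usable: $tpmUsable; no-TPM policy enabled: $noTpmAllowed"
if (-not $tpmUsable -and -not $noTpmAllowed) {
    Write-Warning 'No usable TPM and no policy allowing BitLocker without one.'
}

# 3. Per-volume state: is protection on, and which key protectors exist?
$report = Get-BitLockerVolume | ForEach-Object {
    $types = @($_.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    [pscustomobject]@{
        MountPoint          = $_.MountPoint
        VolumeType          = $_.VolumeType
        Status              = $_.VolumeStatus
        Protection          = $_.ProtectionStatus
        PercentEncrypted    = $_.EncryptionPercentage
        Protectors          = $types -join ', '
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}
$report | Format-Table -AutoSize

# Flag volumes that are unprotected or have no recovery password to fall back on.
$report | Where-Object { "$($_.Protection)" -ne 'On' -or -not $_.HasRecoveryPassword } |
    ForEach-Object { Write-Warning "Review volume $($_.MountPoint)" }
```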

 