Implementing EFS on the Local Computer

In this exercise, we'll step through encrypting a folder and file on the local computer. You'll see this process is transparent to the user and is relatively fast. We'll also add other users to the file to share the encrypted file.

1. On your desktop, create a folder called EFSTest.

2. Right-click the folder and select Properties.

3. In the EFSTest Properties dialog, the General tab is selected by default. Click the Advanced button on the General tab.

4. The Advanced Attributes dialog is displayed, as shown in Figure 9.23.

Figure 9.23 Advanced Attributes for EFS Folder Encryption


5. There are two sections in the Advanced Attributes dialog. The second section, labeled Compress or Encrypt attributes, contains two check boxes. The first check box, Compress contents to save disk space, will compress the contents of the folder. The second check box, Encrypt contents to secure data, will enable encryption for the folder and all files in the folder. Notice that you cannot select both check boxes at the same time. You can select one or the other but not both (an unusual behavior for check boxes). This is because you must decompress a file before it can be encrypted, so you cannot use both simultaneously.

6. Click Encrypt contents to secure data, then click OK.

7. In the EFSTest Properties, click OK to close the dialog.

8. Right-click the EFSTest folder and then click Explore. In the left pane, click the Desktop node. In the right pane, the desktop items are listed, which should include the EFSTest folder. Notice that the EFSTest folder is listed in a different color and that the attribute is listed as AE. The "E" indicates the folder is encrypted.

9. Select the EFSTest folder in the left pane. Click File | New and select Text Document. A new document is created in the EFSTest folder called New Text Document.txt and it also has the AE attribute, as shown in Figure 9.24. Press Enter to accept this new document name.

Figure 9.24 File Attribute Indicating Encryption


10. In the right pane of Explorer, right-click the New Text Document.txt file and select Properties. Click the Advanced button on the General tab of the document's Properties dialog.

11. In the Advanced Attributes dialog, click the Details button to display the Encryption Details for C:\. The path displayed will depend on the location of the file to be shared. This dialog, shown in Figure 9.25, provides the ability to add users who can access the file. However, any users to be added must have a valid certificate.

12. Click the Add button to display the Select User dialog. If you have additional users defined on the computer with certificates, they will be displayed. If the user is not displayed, you can click the Find User button.

Figure 9.25 EFS File Sharing Dialog

[Figure: the Encryption Details dialog. The upper list, Users Who Can Transparently Access This File, has User Name and Certificate Thumbprint columns, with Add and Backup Keys buttons. The lower list, Data Recovery Agents For This File As Defined By Recovery Policy, has Recovery Agent Name and Certificate Thumbprint columns. Administrator appears in both lists.]

13. Type in the name of a defined user on the machine and then click the Check Names button to display the user account. In the example shown in Figure 9.26, user Rosie Black is added.

Figure 9.26 Adding User for Shared EFS File


14. If the user you add does not have a certificate, you will see an alert indicating the selected user cannot be added because a certificate does not exist for that user, as shown in Figure 9.27.

Figure 9.27 No User Certificate Available

No appropriate certificates correspond to the selected user.

15. If you receive this alert, click OK to close the Select User Alert. Otherwise, if you do not receive this alert, the user has a valid certificate and is added to the Select User list. Click OK to accept or Cancel to reject changes and close the Select User dialog.

16. Click OK or Cancel to close the original Select User dialog.

17. In the Encryption Details for C:\... dialog, any users you've added are displayed in the upper portion of the dialog with User Name and Certificate Thumbprint displayed.

18. Click OK or Cancel to close the Encryption Details dialog. Click OK or Cancel to close the Advanced Attributes dialog. Finally, click OK or Cancel to close the New Text Document.txt Properties dialog.

19. If desired, drag the EFSTest folder to the Recycle Bin. If you do so, you can open the Recycle Bin and look in the EFSTest folder. The New Text Document.txt file is still encrypted, providing data security even when the file is deleted from the system.

20. Close Explorer by clicking the X in the upper-right corner or by clicking File | Close.

EFS can be implemented on the local computer or on a remote server. You can do this in one of several ways. You can set recovery policy via Group Policy on the local computer or for the domain via the MMC Group Policy Editor snap-in. You can also use a command-line utility, cipher.exe, to display or alter encryption on folders and files. We'll discuss the cipher.exe command-line utility in just a moment.
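The folder encryption from steps 1 through 9 can also be scripted with cipher.exe and then checked from the file attributes. The following PowerShell is an added example, not part of the original exercise; it assumes an NTFS volume, PowerShell 3.0 or later, and the EFSTest folder name used above, and Get-EfsState is a helper name introduced here.

```powershell
# Added example (not from the original text). Assumes an NTFS volume and
# PowerShell 3.0 or later; EFSTest is the folder name from the exercise.
$folder = Join-Path ([Environment]::GetFolderPath('Desktop')) 'EFSTest'
$file   = Join-Path $folder 'New Text Document.txt'

# Steps 1-7: create the folder and set its Encrypt attribute.
New-Item -ItemType Directory -Path $folder -Force | Out-Null
cipher.exe /e $folder | Out-Null

# Step 9: a file created inside the folder should inherit encryption.
Set-Content -LiteralPath $file -Value 'EFS test'

# Hypothetical helper: read the E (encrypted) and C (compressed)
# attributes that Explorer shows in its Attributes column.
function Get-EfsState {
    param([Parameter(Mandatory = $true)][string]$Path)
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path       = $item.FullName
        Encrypted  = ($item.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0
        Compressed = ($item.Attributes -band [IO.FileAttributes]::Compressed) -ne 0
    }
}

# Steps 8-9 as a check: the folder and everything under it must be encrypted.
$states  = @(Get-EfsState -Path $folder)
$states += Get-ChildItem -LiteralPath $folder -Recurse -Force |
    ForEach-Object { Get-EfsState -Path $_.FullName }
$states | Format-Table -AutoSize

$plaintext = @($states | Where-Object { -not $_.Encrypted })
if ($plaintext.Count -gt 0) {
    # Typical causes: a non-NTFS volume, EFS disabled by policy, or an item
    # left compressed (compression and encryption are mutually exclusive).
    $names = ($plaintext | ForEach-Object { $_.Path }) -join ', '
    Write-Warning "Not encrypted: $names"
} else {
    Write-Output "All $($states.Count) items under EFSTest carry the E attribute."
}

# cipher.exe given only a path lists each item as E (encrypted) or U (not).
cipher.exe $folder
```

Running the attribute check on a schedule over folders that are supposed to be protected catches files that were copied in from a compressed location or written before the folder was marked for encryption.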
