IT tutorials
 
Windows
 

Windows 8 : Working with file systems (part 4) - Understanding Encrypting File System, BitLocker

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
10/10/2014 9:21:58 PM

Understanding Encrypting File System

Windows and NTFS provide a method for each person using a computer to encrypt his or her files, folders, and drives. Encrypting File System (EFS) is a method used to encrypt files and determine who can access the files. No administrative privileges are needed to use EFS. To enable it for a folder, complete the following steps:

  1. Locate the folder in File Explorer.

  2. Press and hold or right-click the folder to be encrypted.

  3. Select Properties.

  4. On the General tab of the Properties dialog box, tap or click Advanced.

  5. Select the Encrypt Contents To Secure Data check box.

  6. Tap or click OK in the Advanced Attributes dialog box.

  7. Tap or click Apply in the Properties dialog box.

  8. Tap or click OK.

When the folder has been encrypted, a balloon appears, reminding you to back up your encryption key for the folder. Without that key, you cannot access the files or folders that are encrypted with EFS. The encryption key is stored with your user account information in the operating system; all the files you encrypt with EFS use the same key per computer.

To back up the private key for your EFS-encrypted files, complete the following steps:

  1. Open a blank Microsoft Management Console by searching for MMC on the Start screen.

  2. Select File and Add/Remove Snap-In.

  3. Select the Certificates snap-in and tap or click Add.

  4. Select My User Account as the scope for which this snap-in will manage certificates.

  5. Tap or click Finish.

  6. Tap or click OK.

  7. In the Console window, expand Certificates - Current User.

  8. Expand Personal.

  9. Select Certificates.

  10. In the results pane, locate the certificate with Encrypting File System listed in the Intended Purposes column and tap or click to select it.

  11. Under the actions pane for the selected certificate, select More Actions.

  12. Select All Tasks.

  13. Tap or click Export.

    This opens the Certificate Export Wizard. Click Next.

  14. Select the Yes, Export The Private Key option and tap or click Next.

  15. Select the format for the export file as Personal Information Exchange.

  16. Select the option to include all certificates in the path if possible.

  17. Tap or click Next.

  18. Select the check box to use a password with the file.

  19. Type the password.

  20. Confirm the password.

  21. Tap or click Next.

  22. Specify the file name and path for the export and tap or click Next.

  23. Review the information about the export.

  24. Tap or click Finish to export the certificate and key.

  25. Tap or click OK in the Export Successful dialog box.

Note

SECURITY ALERT KEEPING THE EFS KEY

It is a good idea to export the EFS key to an easy-to-remember location on your computer. After the export is complete, locate the file and copy it to a location from which you can easily access the file if needed, such as a removable USB drive.

Encryption is an easy way to enable each person to secure his or her files and folders on a computer. For some, this can provide peace of mind when storing files that contain sensitive information on any computer. Remember, however, that the key file automatically decrypts files upon opening for the user who encrypted them; if others gain access to that user account, the files could be compromised.

Important

RECOVERING EFS-ENCRYPTED FILES

Files encrypted with EFS cannot be recovered without the private key. It is extremely important for the key to be backed up and kept in a safe place. If people in your organization intend to use EFS, ensuring that the keys are backed up regularly in case recovery is needed might be a good idea.

BitLocker

Microsoft BitLocker is a whole-disk encryption method available in Windows 8 Professional and Enterprise editions. Like EFS, BitLocker encrypts files to make their access secure by the owner of the file. It differs from EFS because it works at the disk level, whereas EFS allows files to be selected and encryption applied to the folders or files. In many cases, BitLocker is easier to configure because it is enabled per disk or volume.

BitLocker is ideal for mobile devices such as laptops and tablets because the entire device can be misplaced. With BitLocker enabled on these devices, data cannot be decrypted by whomever has possession of the mobile device.

Using BitLocker requires either a Trusted Platform Module (TPM) to exist on the computer or a policy to be applied that allows BitLocker to run without TPM.

To configure BitLocker, complete the following steps:

  1. From Control Panel, open BitLocker Drive Encryption.

  2. Select the drive on which you would like to enable BitLocker.

  3. Select the Turn On BitLocker link.

    BitLocker encrypts the volume, which might take some time.

In addition to BitLocker, Windows 8 supports BitLocker To Go, which applies BitLocker encryption to removable volumes. This makes data on removable media inaccessible without the encryption key.

Note

USING BITLOCKER WITHOUT TPM

Computers and devices without TPM capabilities can also use BitLocker. To do this, Group Policy needs to be enabled to allow for additional security. Using additional authentication, such as a USB key with an encryption key stored on it, enables you to prove to Windows and BitLocker who you are and that you should be allowed access to this data. The policy needed can be found in Computer Configuration\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require Additional Authentication At Startup.

 
Others
 
- Windows 8 : Working with file systems (part 3) - Auditing access to securable objects by using SACLs
- Windows 8 : Working with file systems (part 2) - Inheritance and cumulative effectiveness
- Windows 8 : Working with file systems (part 1) - Security within the file system
- Windows 8 : Managing disks and storage (part 5) - Using Microsoft Drive Optimizer to organize data - The DiskPart utility
- Windows 8 : Managing disks and storage (part 4) - Using Microsoft Drive Optimizer to organize data - Check Disk (chkdsk)
- Windows 8 : Managing disks and storage (part 3) - Using Microsoft Drive Optimizer to organize data
- Windows 8 : Managing disks and storage (part 2) - Disk Defragmenter and Disk Cleanup
- Windows 8 : Managing disks and storage (part 1) - Using disk management
- Windows 8 : Sharing printers - Configuring shared printers, Configuring printing permissions
- Windows 8 : Sharing files and folders (part 6) - Understanding NTFS permissions - Identifying permissions, Taking ownership of a resource
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
Facebook
 
Technology FAQ
- IIS Web site works in all browsers except Safari on Mac
- notification
- alternative current in to a pc
- parse url in JavaScript
- Dual WAN on a Fortigate 60
- Should Sys Admins (Domain Admins) also have user accounts?
- DR solution for data warehouse
- C# Creating Plugins
- SCCM 2007 collection by OU not showing all pc's
- Email account got spoofed?
programming4us programming4us