Terms of Use For FixedByVonnie

By proceeding to access fixedByVonnie.com, you expressly acknowledge, and agree to, all of the following:

fixedByVonnie.com is a personal website and blog owned by Security Plus Pro LLC, which is being presented for informational purposes only. The views on this website are solely those of the website owner (and not those of any employer or of any professional associations affiliated with the website owner).  Any views expressed in this website and any information presented on this website, or in any of its blog entries, should not be relied on for any purpose whatsoever other than as the personal opinions of the website owner.  The website owner expressly disclaims any and all liability for any information presented on this site.  The owner of this website and its blog posts shall not be held liable, and shall be held harmless, for any errors or omissions in any information or representations contained in this website, or in any of its blog entries.  The website owner also expressly disclaims any liability for the current or future availability of any such information. The website owner makes no representations as to the accuracy or completeness of any information on this website or which may be found by following any link on this website. The website owner shall not be held liable for any losses, injuries, damages, claims, or causes of action, from the display or use of any information on this website or in any of its blog entries. If you use the information on this website, or on any of its blog entries, you do so solely at your own risk.

How can I encrypt files and folders in Windows 8.1 Pro? - fixedByVonnie

How can I encrypt files and folders in Windows 8.1 Pro?

Ahh… Encryption.

The name conjures images of Jack Bauer and Chloe O’Brian from 24. I can picture Chloe huddled over her laptop in an unmarked windowless van, typing esoteric commands into a black terminal screen while Jack is stalking a special agent in an abandoned warehouse.  Choloe just hacked into the closed circuit security camera network and is giving Jack real-time commands to bypass thugs with guns.

24 is the quintessential TV show and I seriously hope they make it into a movie.

This guide won’t give you the deft skills of Jack Bauer but it’ll certainly make your files and folders more secure.  Keep reading to see how easy it is to encrypt files and folders without installing any additional software.

I’m going to show you why it makes sense to encrypt your files with the Encrypting File System (EFS).  Then I’ll explain some arguments against EFS and finally I’ll close with a quick tutorial on how to start encrypting stuff with it.

As always the tutorial is replete with screenshots so you really don’t even need to read anything.

If you need to encrypt something in a hurry, just scroll through the screenshots and you’ll get going in less than a minute.  I understand that your time is valuable and not everyone can wade through reams of text.  I wouldn’t want anyone to waste my time so I certainly won’t waste yours!

Okay, enough with my prolix prelude, let’s get down to business:

Why you should encrypt your stuff

Let’s say you lose your computer.

No wait, that’s not interesting enough.  

Let’s say someone breaks into your home and steals your computer.  You come home from work one day and your house has been ransacked.  Everything is in disarray.

Your family pictures are scattered across the floor, dresser drawers are open with cloths flung all over the place and every cabinet in your kitchen is open.

There’s shattered porcelain in the foyer and assorted accouterments sprawled out in the living room. In dismay, you walk into your bedroom and are aghast when you see the mattress overturned and shards of glass peppered on the floor.

It’s a disaster and you’re so overwhelmed with emotion you can barely speak.

You feel angry.

Vindictive.

Indignant.

But you also feel shocked.

Confused and surreal.

You feel…

Pain.

How could this happen to me?

And then you walk into the mini-office and see your laptop is missing!

But that’s a problem.  That’s a big problem because the financial records from your small business were stored on the hard drive.  Also digital copies of your medical records were there along with various account numbers, passwords and credit cards.

But then you experience a spontaneous moment of relief:

I use a pretty long password so my documents are good right?  It would take someone a long time to crack it so am I safe?

And to that I reply:

Did you use encryption?


Here’s the cold hard facts: A strong user account password doesn’t preclude the possibility of data theft.

Just because you took the time to carefully create a password that uses numbers, capital letters and even a few symbols, doesn’t mean I couldn’t view the data on your hard drive.

Think about it.

Let’s say I stole your computer, ripped out the hard drive and installed it in my computer as a secondary disk.  Now when I boot into the operating system I can easily view everything on the disk without ever entering a password.

Another way to render your password useless would be to boot to your stolen computer using something like a Linux Live CD.  Thus, there is a need to secure your hard drive with something stronger than just a user account password.

How do we circumvent this intractable problem?

… and that’s when Mr Encryption steps on to the stage, takes a bow and says in a bold orotund voice:

I’ll take care of you

Encryption is the way to go

Encryption has actually been available in Windows all the way back to the stone ages of Windows 2000.  In fact, almost every Pro version of Windows has the encrypting file system in some form.  For example, Windows XP Pro, Windows Vista Business, Windows 7 Pro, Windows 8 Pro and Windows 8.1 Pro all have EFS built in.

The advantage of EFS is that it’s now super easy to obfuscate almost any data you want. In addition, encryption and decryption happens at a layer below the file system so it happens transparently without bothering you.

EFS files are inaccessible from outside the file system.  So mounting the stolen drive as a secondary volume or attempting to view it from a Linux Live CD is futile.

On the flip side, the encryption strength is only as strong as your login password so if your computer account password is something silly such as password123 or love123 then when someone cracks it (in zero-seconds) they’ll obviously gain access to all your files.

The other thing to note is that with EFS inaccessibility isn’t the same thing as invisibility.

In other words, just because no one can read or write to your files doesn’t mean they can’t see that the file is there.  EFS doesn’t make stuff invisible to other users logged in the computer but it does prevent people from opening them.  Not even other Administrator accounts can access EFS files.

Here’s how to get started:

Encrypting with EFS

Press the Windows Logo key + e to right click a folder in Explorer containing the stuff you want to encrypt.

Choose Properties from the context menu.

Folder properties in Windows 8.1

Hit the Advanced… button in the lower right corner of the General tab

Advanced Folder Properties

In the bottom section of the Advanced Attributes box there’s a section called Compress or Encrypt attributes. Put a check to the left of Encrypt contents to secure data.  

Advanced Attributes Encrypt contents to secure data

Click OK to close the Advanced Attributes box then click OK on the folder properties box.

Confirming folder properties changes

A warning box will sprout asking you to confirm that you want to encrypt the folder and everything inside it.  Click OK to confirm.

Confirm Attribute Changes to Folder

Notice the folder named personal is now green indicating that its encrypted.

Normal folders versus Encrypted Folders

You should see a little notification peek onto the screen near the system time.  We need to click this little icon when it appears so we can backup your encryption key.

Back up your file encryption key

If it vanishes before you had a chance to grab it, you can click the tiny up arrow in the bottom right corner of the screen to view all notifications.  In the graphic below, the up arrow is immediately to the left of my battery icon.

Viewing the notification

Fortunately the key backup process is pretty straightforward.

We don’t want to procrastinate this step so let’s backup your new key now.  After clicking the notification balloon you’ll see backup up encryption key screen.

Click Back up now to launch the Certificate Export Wizard.

Encrypting File System key backup

This little tool will export the key and protect it using a password you define.  Once exported, we can stash the key to a USB stick or cloud drive.  Hopefully you’ll never need to use it but it’ll be there for you just-in-case.

Certificate Export Wizard

On the next screen you’ll see a list of key file formats.  Just keep the defaults and keep going.

EFS key formats

Next we’ll create a password to protect the key.

Password protecting the key is critical because even if someone somehow appropriated your key they couldn’t use it to decrypt your files without the password you enter here.

I suggest entering a strong password: meaning it’s at least 10 characters long and contains at least one number, symbol and capital letter.

Certificate Export Wizard Security form

Now we’re going to pick a place to save the key.  Click the Browse button.

Certificate Export Wizard File to Export

You can save the key anywhere you want but I recommend saving it to a dedicated USB drive that you can store away from your computer.  You can buy a cheapola 4GB USB drive on Amazon for less than $10 bucks.

Since my protected folder is named “personal”, I saved my key as personalEFSkey

Save Backup Key

Click Next to confirm the path

EFS key path

Verify the summary on the final screen and head to the finish line.

Complete the Certificate Export Wizard

A popup shoots on the screen telling you everything went well.

Click OK to close and you’re done.

Certificate Export Wizard the export was successful

Incidentally, if you ever want to remove folder and file encryption you can do that by right clicking the folder or file, going to Properties and unchecking Encrypt contents to secure data.

A confirmation box will ask to you confirm the decrypt attribute and then everything will be like it was before.

No green folders but also no protection so use with caution!

Decrypt file or folder

 

By the way, you can read more about EFS in Microsoft KB 223316.  Microsoft has a pretty good guide on best practices so it could be worth your time.

About

Connect with Vonnie on Twitter

Posted in Windows, Windows 8, Windows 8.1 Tagged with: ,