The University of Texas at Austin

Digital Certificates

Encrypting Files on a Windows Computer Using EFS

  • Operating System: Windows XP and Vista

Overview

Encrypted File System (EFS) on Windows protects files and folders while your computer is turned on. After you log in using your Windows logon password, your digital certificate decrypts the files for you to access. While you are working, requiring your password to unlock the computer, clear the screen saver, and resume from sleep mode ensures that EFS continues to protect your files without your having to log off every time you leave your computer for a few minutes.

There are some important system files that EFS does NOT protect when your computer is turned off, so you should consider using the Enterprise Whole Disk Encryption Service in conjunction with EFS. Enterprise Whole Disk Encryption protects the files that EFS cannot protect when the computer is off.

Once you encrypt your files, you can copy the encrypted files to other media, such as a thumb drive that is Windows (NTFS) formatted. You can also copy the file to other drives, partitions, or network shares on the same volume, and the file will retain its encryption.

Restrictions

  • Within the Austin domain, you can use EFS only with the Digital Certificates from ITS. This is to ensure that your data can be recovered if you lose your password.

  • Your desktop administrators may have configured your group policy to disallow the use of the EFS function. If this is the case, please contact them to discuss your file encryption options.

  • Currently, encrypting files and folders to multiple users is not supported. Additionally, encrypting files or folders is not supported on network shares. (This functionality will be enabled in a future release.)

  • If you move or copy an encrypted file to a volume that does not allow EFS, such as Austin Disk, the file will be moved or copied to the destination without encryption. You will be prompted to confirm that it is OK to remove the encryption.

  • If your computer is set up to use Desktop Redirect (which is a network share), you cannot encrypt the files within your Desktop or My Documents folders. EFS will work on other folders.

  • A file cannot be both encrypted and compressed at the same time.

Encrypting a folder and its contents

To encrypt a folder and its current contents, follow these steps:

  1. Windows XP and Server 2003 users, please install Windows Hotfix, available from BevoWare, prior to encrypting files.

  2. From the Start menu, select My Computer to open Windows Explorer.

  3. Right-click the folder that you want to encrypt, and select Properties.

    Note: Although individual files can be encrypted, it is strongly recommended that a specific designated folder be used for storing all encrypted data. If this is done, all files that are created in or moved to this folder will automatically be encrypted as well.

  4. In the Properties dialog box, click the Advanced button.

  5. To encrypt the folder, select the Encrypt contents to secure data option and click OK.

  6. Click OK to close the Properties dialog box.

  7. If the folder you chose to encrypt already contains files, Windows asks if you want to apply encryption to those files as well as to the folder. Select the option you want and click OK.

    • If you select Apply changes to this folder only, the files already residing in the folder will not be encrypted, but files subsequently moved to or created in this folder will be encrypted.

    • If you select Apply changes to this folder, subfolders, and files, all existing contents of the folder will be encrypted.

Once you have encrypted the folder, the names of the folder and all files that have been encrypted display in green in Windows Explorer.
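To confirm the result without relying on the green file names, the following added example (not part of the original ITS instructions) is a PowerShell script that lists anything under the folder that is still stored unencrypted, for instance after choosing Apply changes to this folder only. The path C:\EncryptedData and the function name Test-EfsFolder are assumptions, and Windows PowerShell is a separate install on Windows XP and Vista.

```powershell
# Added example: audit an EFS folder for items still stored unencrypted.
# 'C:\EncryptedData' is a hypothetical path; use your designated folder.
param([string]$Path = 'C:\EncryptedData')

function Test-EfsFolder {
    param([string]$Folder)

    $full = [System.IO.Path]::GetFullPath($Folder)
    $root = [System.IO.Path]::GetPathRoot($full)

    # Restrictions: EFS is not supported on network shares.
    if ($root.StartsWith('\\')) {
        throw "$full is on a network share; EFS is not supported there."
    }
    # EFS requires an NTFS volume.
    $drive = New-Object System.IO.DriveInfo($root)
    if ($drive.DriveFormat -ne 'NTFS') {
        throw "$root is formatted as $($drive.DriveFormat), not NTFS."
    }

    $enc = [int][System.IO.FileAttributes]::Encrypted

    # If the folder itself is not marked, new files in it are not encrypted.
    $dir = Get-Item -LiteralPath $full -Force
    if (([int]$dir.Attributes -band $enc) -eq 0) {
        Write-Warning "$full is not marked for encryption."
    }

    # Return every file or subfolder that lacks the Encrypted attribute.
    Get-ChildItem -LiteralPath $full -Recurse -Force |
        Where-Object { ([int]$_.Attributes -band $enc) -eq 0 } |
        Select-Object FullName, Attributes
}

$plain = @(Test-EfsFolder -Folder $Path)
if ($plain.Count -eq 0) {
    Write-Output "All items under $Path are encrypted."
} else {
    Write-Output "$($plain.Count) item(s) under $Path are NOT encrypted:"
    $plain | Format-Table -AutoSize
}
```

Any items it lists can be encrypted by repeating the steps above and choosing Apply changes to this folder, subfolders, and files.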

Turning on password requirements

Your system administrator may have already set these options to require your password to clear the screen saver or sleep mode, but you should check to be sure. By default, Windows requires your password to unlock the computer.

  • In Windows XP, right-click the Desktop and select Properties.

    1. For the Screen Saver: Select the Screen Saver tab and choose a Screen saver from the drop-down list. Then select the On resume, password protect option.

    2. For the Standby Setting: Select the Screen Saver tab and click Power. Click the Advanced tab and select the option to Prompt for password when computer resumes from standby.

  • In Windows Vista, right-click the Desktop and select Personalize.

    1. For the Screen Saver: Select Screen Saver and choose a Screen saver from the drop-down list. Then select the On resume, password protect option.

    2. For the Standby Setting: Select Screen Saver and click the Change power settings link. In the left-hand column, select the Require a password on wakeup link. Select the option to Require a password. Repeat these steps for the Choose what the power buttons do and Choose what closing the lid does links.

Last updated December 10, 2012 @ 2:57 pm
