The University of Texas at Austin

Security Awareness

Encrypting your data on a stand-alone PC

This procedure describes how to encrypt data on your Windows 2000 or higher computer that is not connected to the Austin domain. (Refer to this procedure if your Windows computer is connected to the Austin domain.) This procedure encrypts only the individual files or folders that you select. Once you complete this procedure, you may notice that your computer slows down a bit as you open and close files. You should notice this less over time.

Decrypting folders can be done by reversing the encrypting process.

Warning

If you encrypt the file system without escrowing the key, you will be unable to recover data if you forget the password.

Before you begin

Although individual files can be encrypted, it is strongly recommended that a specific designated folder be used for storing all encrypted data. If this is done, all files that are created in or moved to this folder will automatically obtain the encrypted attribute.

Encrypting a folder and its contents

To encrypt a folder and its current contents, follow these steps:

  1. From the Start menu, select My Computer to open Windows Explorer.
  2. Right-click the folder that you want to encrypt, and select Properties.
  3. In the Properties dialog box, click the Advanced button.
  4. To encrypt the folder, select the Encrypt contents to secure data option and click OK.

    Note: A file or folder cannot be both encrypted and compressed at the same time.
  5. Click OK to close the Properties dialog box.
  6. If the folder you chose to encrypt already contains files, Windows asks if you want to apply encryption to those files as well as to the folder. Select the option you want and click OK.
    • If you select Apply changes to this folder only, the files already residing in the folder will not be encrypted, but files subsequently moved to or created in this folder will be encrypted.
    • If you select Apply changes to this folder, subfolders, and files, all existing contents of the folder will be encrypted.

Once you have encrypted the folder, the names of the folder and all files that have been encrypted display in green in Windows Explorer.

If you move or copy an encrypted file on the same volume (drive, partition or network share), the file will retain its encryption. If you move or copy an encrypted file to another volume, the file will inherit the permissions of the new location. You will receive a warning concerning the loss of encryption.

Decrypting a folder encrypted with EFS

To decrypt a folder, use the same process as encrypting but in reverse order:

  1. Right-click the folder that you want to decrypt, and select Properties.
  2. In the Properties dialog box, click the Advanced button.
  3. The Advanced Attributes dialog box displays. To Decrypt the folder, clear the Encrypt contents to secure data option and click OK.
  4. Click OK to close the Properties dialog box.
  5. If the folder has files in it, the Confirm Attribute Changes dialog box displays. Select the option you want and click OK.
    • If you select Apply changes to this folder only, the files already residing in the folder will not be encrypted, but files subsequently moved to or created in this folder will be encrypted.
    • If you select Apply changes to this folder, subfolders, and files, all existing contents of the folder will be encrypted.
  6. The names of the folder and all files that have been decrypted display in the default color in Windows Explorer.