15

Ubuntu and Mac OS have the ability to encrypt the home folder in case the laptop is stolen. Is it possible to do the same thing on Windows 7? I need to encrypt the home folder so that it is encrypted and decrypted at runtime using my password, so that if the laptop is stolen there is no way for a thief to remove the HDD and read / decrypt sensitive data.

If such a thing is possible, which version of Windows 7 provides that functionality? Is "Home Premium" enough?

2
  • 1
    I'm reviving this zombie as it's an answer I'd like too, and not posting duplicate questions.
    – invert
    Commented Oct 22, 2010 at 13:48
  • 1
    I'd like an answer to the question in the title. I'd like to encrypt the home folder such that other people could use my laptop in a different account, but information in my home directory would be protected by my password. Whole disk encryption is no help in that regard.
    Commented Dec 18, 2014 at 18:21

5 Answers

9
+100

TrueCrypt provides the ability to do pre-boot system encryption. Maybe that's what you're looking for.

3
  • 2
    The OP asks for a way to 'decrypt at runtime using my password', i.e. Windows logon. Pre-boot encryption would work, but a solution closer to the question is preferable.
    – invert
    Commented Oct 22, 2010 at 13:49
  • Yes, but Windows encryption seems to be too unsafe for him ;)
    – dns13
    Commented Oct 22, 2010 at 14:25
  • 1
    I guess you win :) For myself, I want a solution to auto-crypt at login/logout, but not during pre-boot. The other answers are less practical in one way or another. +1 for TrueCrypt!
    – invert
    Commented Oct 27, 2010 at 13:23
8

I found this article on Microsoft.com; it was written for Vista, so it should still work on 7.

  1. Right-click the folder or file you want to encrypt, and then click Properties.

  2. Click the General tab, and then click Advanced.

  3. Select the Encrypt contents to secure data check box, and then click OK.

5
  • 1
    I'm not sure how secure that is. It seems that the certificate is stored as a file on the same hard disk, so if the laptop is stolen the thief will just use that certificate to decrypt the folder?
    – grigoryvp
    Commented Oct 30, 2009 at 9:21
  • Is there any info on how secure this method really is? I also found it does not encrypt file structure, which is still visible and not that ideal.
    – invert
    Commented Oct 22, 2010 at 13:51
  • 6
    This only works for Ultimate or Pro versions of Windows 7/Vista...
    – studiohack
    Commented Oct 24, 2010 at 1:39
  • The OP simply asked for which version of Windows 7 he needed.
    – wag2639
    Commented Oct 27, 2010 at 7:23
  • In my experience, if you encrypt your home folder, you will never be able to permanently decrypt it, since it is always in use by the system. The specified file could not be decrypted.
    – cowlinator
    Commented Jun 16, 2018 at 1:05
4

It is possible to encrypt the entire hard drive (including the home folder) using the BitLocker feature. This is only available in Windows 7 Ultimate.

If by 'home folder' you mean user's data folder (C:\Users\username), that can probably be done in other versions.

2
  • 2
    BitLocker requires a hardware encryption module (TPM) that is not available on most computers :(
    – grigoryvp
    Commented Dec 26, 2009 at 13:10
  • Laptops support TPM, but desktop boards do not. For us who don't have TPM we need a better solution. Also it's said that the only thing TPM provides is a 'false sense of security' - truecrypt.org/faq
    – invert
    Commented Oct 22, 2010 at 6:59
3

As alternative solutions to TrueCrypt, consider EncFS, VeraCrypt, or NTFS Encryption.

Paid alternatives include Microsoft's BitLocker, McAfee, and Symantec.

Using NTFS Encryption

Windows implements NTFS and Encrypting File System as a built in solution. This can be as simple as:

  1. Right Clicking the folder
  2. Select the General Tab,
  3. Click the Advanced Button,
  4. Check the Encrypt Contents to Secure Data Check Box.

However, I am not the best advocate for this solution, as most scenarios I encounter require backing up user files to a USB drive or cloud storage, where the requirement is to ensure the files remain encrypted on the USB drive or cloud storage.

The EncFS Alternative:

This is kind of the "go-to" solution for multi-platform needs, (Windows, Linux, Apple, Android, etc).

For example, EncFS will allow you to synchronize encrypted files to your iPhone, Android Phone, Apple, Linux, Windows, DropBox, GoogleDrive, whatever--and the files will remain encrypted on each device--this is not an option with NTFS EFS Encryption.

Since files are individually encrypted with EncFS, and can be synchronized one at a time, a large "encrypted container," does not have to be re-copied every time one file is changed, as is the case with Veracrypt/TrueCrypt.

However, the down-side is that you will have to edit Windows Login Scripts to mount the EncFS folders as the User's "Documents" folder, etc. But, with NTFS EFS Encryption, this is not an issue and works auto-magically.

Not Using BitLocker or VeraCrypt:

Functionally, BitLocker is similar to VeraCrypt/TrueCrypt when it comes to whole drive encryption. And for the same reasons, neither really addresses the need to encrypt different users' home folders individually: an admin who is able to decrypt the entire drive will have access to their home folder AND yours as well.

Further, even if you use a separate encrypted drive partition, for each user's "home folder", Windows will not prompt you to decrypt that drive, or prompt you to, at login. Windows will wait until after the User Environment is loaded. -- That means you cannot really "redirect" home folders, (documents, photos, etc), to that encrypted partition reliably.

For those reasons, EncFS is useful for encrypting particular folders, and files.

But, BitLocker and VeraCrypt, (... and dreamily, dmcrypt/Luks with mainstream support for Windows ... Someday ... Soon(tm)) ...

If Choosing to Use VeraCrypt/TrueCrypt:

Obviously, utilizing TrueCrypt, in view of the Security Audit, etc, is not the best idea.

However, there are a /lot/ of startup replacements, of which, Veracrypt "seems" like the most stable ... for now, *cough.

If you insist on using the old TrueCrypt, and you download it from third-party sites, you can attempt to validate that you have the original copy by:

  1. Downloading TrueCrypt's Public Key from their website.
  2. Searching for the original 7.1a download and signature.
  3. Verifying the digital signature of the downloaded file, like https://www.torproject.org/docs/verifying-signatures.html.en.
  4. Or Trusting a third party signature/key like, https://defuse.ca/truecrypt-7.1a-hashes.htm .

It is absolutely not the best practice to use unmaintained security tools, when valid alternatives exist. From TrueCrypt's Website: "Using TrueCrypt is not secure as it may contain unfixed security issues".
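
The "Encrypt contents to secure data" steps listed under "Using NTFS Encryption" (and in the earlier answer) can also be run from PowerShell with the built-in `cipher.exe`. This is an added example, not part of the original answer; the folder `Documents\Private` and the backup location `E:\efs-key-backup` are assumptions, and it presumes a Windows edition that includes EFS.

```powershell
# Added example: EFS on one folder, with a check of what actually got encrypted.
# $Target and the E:\ backup path are assumed names; adjust them to your system.
$Target = Join-Path $env:USERPROFILE 'Documents\Private'

# 1. EFS is an NTFS feature, so confirm the volume's file system first.
$drive = Split-Path -Qualifier $Target            # e.g. "C:"
$fs = (Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$drive'").FileSystem
if ($fs -ne 'NTFS') { throw "$drive is $fs; EFS requires NTFS." }

# 2. Same effect as ticking "Encrypt contents to secure data" on the folder:
#    /e encrypts, /s: applies it to the folder and everything below it.
& cipher.exe /e "/s:$Target"

# 3. cipher cannot process files that are open in another program, so list
#    anything under the folder that still lacks the Encrypted attribute.
$encrypted = [System.IO.FileAttributes]::Encrypted
$plain = Get-ChildItem -LiteralPath $Target -Recurse -Force |
    Where-Object {
        -not $_.PSIsContainer -and
        (($_.Attributes -band $encrypted) -ne $encrypted)
    }

if ($plain) {
    Write-Warning 'Not encrypted (close the programs using these files and rerun):'
    $plain | ForEach-Object { $_.FullName }
} else {
    Write-Output "Every file under $Target carries the Encrypted attribute."
}

# 4. Back up the EFS certificate and private key to a password-protected .pfx
#    and store it away from the laptop. Without it, the files cannot be opened
#    after a reinstall or profile loss unless a recovery agent was configured.
& cipher.exe /x 'E:\efs-key-backup'
```

File and folder names stay visible after step 2; only file contents are encrypted, which matches the observation in the comments on the earlier answer.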

10
  • If you trusted Truecrypt before you can still trust it. It's just not being updated
    – Ramhound
    Commented Nov 16, 2014 at 21:18
  • 1
    The OP's Question was regarding Home Folder encryption. Even on Linux, encfs is used for this--especially if syncing those files to the cloud. Regarding that last version of TrueCrypt being "digitally signed"--the signature is not on their website. Regardless, getting TrueCrypt from other sources will likely net you a hacked version of TrueCrypt, signature file and key. The Best Practice remains: don't use unmaintained security tools especially if alternatives exist. From TrueCrypt's own website: "Using TrueCrypt is not secure as it may contain unfixed security issues."
    Commented Nov 18, 2014 at 13:45
  • 1
    I mention Linux in this context to show long-term viability. The fact is: EncFS is multi-platform, just as TrueCrypt 7.1a was/is--BitLocker is not. It is also true that EncFS has a lot more accountability, (auditing), and it is an established, multi-platform solution. EncFS is supported by Linux distributions. TrueCrypt does not remotely have this level of support behind it. Also, EncFS can work on Android devices. It is just a "holistic" solution, and a solution that facilitates syncing with cloud storage. The only other similar option is ecryptfs, which doesn't play well with Windows. Commented Nov 18, 2014 at 14:41
  • 1
    You are right, NTFS home folder encryption on Windows is a good solution. NTFS is by far the simplest solution. EncFS will support /all/ of these: multi-platforms, synchronizing /individually encrypted files/ to cloud storage/backup devices, redirection of home folders, support by Linux distributions ... NTFS Encryption does not*. ENCFS will allow a User to copy/paste an encrypted folder to a USB drive, and for it to remain encrypted and usable on other devices. 1. EncFS Encryption; 2. NTFS Encryption; 3. BitLocker; 4. a TrueCrypt Fork. Commented Nov 18, 2014 at 15:00
  • 1
    Well; I give up; I can't remove my downvote for a question that does not really address the author's question. While I understand answers are for everyone, they have to at least attempt to solve the question author's needs.
    – Ramhound
    Commented Nov 18, 2014 at 15:02
2

See How To Encrypt a Folder Using TrueCrypt :

You can use TrueCrypt to create an encrypted folder on your PC. With a TrueCrypt encrypted folder, if your laptop is stolen, lost or you give it to someone to use for a while, you don’t need to worry about your sensitive information being viewed. When you encrypt a folder, the person using your PC won’t know what’s inside the folder, and cracking TrueCrypt encryption is a difficult and lengthy process that most laptop thieves or users won’t be familiar with.

As far as I know, the encryption for TrueCrypt was never broken.

NOTE: TrueCrypt is no longer being updated, but its last version still exists.

See also VeraCrypt :

VeraCrypt is a free disk encryption software brought to you by IDRIX (https://www.idrix.fr) and that is based on TrueCrypt.

VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.

VeraCrypt also solves many vulnerabilities and security issues found in TrueCrypt.

VeraCrypt can load TrueCrypt volume. It also offers the possibility to convert TrueCrypt containers and non-system partitions to VeraCrypt format.

5
  • 1
    I'm a fan of truecrypt, but can't figure out how to use it to encrypt the user's home directory at logon, that is the unfortunate issue.
    – invert
    Commented Oct 22, 2010 at 13:55
  • I wonder what will happen if you do encrypt C:\Users\<name> and add the mount command at the user's logon script.
    – harrymc
    Commented Oct 22, 2010 at 14:24
  • There are some technical niceties to such a solution that can only be worked out by trying.
    – harrymc
    Commented Oct 22, 2010 at 15:11
  • @harrymc, TrueCrypt seems to be gone now.
    – Pacerier
    Commented May 20, 2015 at 9:08
  • 1
    @Pacerier: I updated my answer.
    – harrymc
    Commented May 20, 2015 at 10:08
