3

I have encrypted a folder from the (Properties>Advanced>Encrypt contents to secure data). However when I change my user profile to another one which is also an administrator the folder seems to be accessible as if nothing happened.

What exactly does this encryption protect against. I'm looking to encrypt folders that no other user, or another OS or even if the HDD were to be removed and plugged to another device will be accessible.

My OS is Windows 7 Ultimate.

Any suggestions?

Improve this question
0

1 Answer 1

Reset to default
3

NTFS encryption

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

Source: Encrypting File System

Folder encryption

Windows does not really encrypt folders: when you enable the encryption option, all you're doing is forcing new files created inside to be automatically encrypted. Quoting Wikipedia:

Folders whose contents are to be encrypted by the file system are marked with an encryption attribute. The EFS component driver treats this encryption attribute in a way that is analogous to the inheritance of file permissions in NTFS: if a folder is marked for encryption, then by default all files and subfolders that are created under the folder are also encrypted.

Source: Encrypting File System

If you don't want the folder content to visible at all, you need to change the Access Control List (ACL) permissions from the Security tab of the folder properties. Even if someone else were able to change the permission and see the files, he/she couldn't open them anyway.

Note EFS is not fully supported on Windows 7 Starter, Home Basic, and Home Premium editions.

Further reading

Full encryption

If you need true disk encryption, you should probably look into BitLocker (only available on the Ultimate and Enterprise editions), or a third-party solution like TrueCrypt.

TrueCrypt - update

The official TrueCrypt website now reads:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.

Further reading

Improve this answer
6
  • How do I change the ACL, and can someone other than me change the permissions back? Could you elaborate more on this matter?
    – Ray
    Commented Feb 14, 2014 at 14:11
  • Please note that I'm looking for something that encrypts specific folders. Bitlocker and Truecrypt encrypt the entire partition. (As far as I know)
    – Ray
    Commented Feb 14, 2014 at 14:19
  • Thats for windows, what about third party software. Is there anything that can encrypt specific folders?
    – Ray
    Commented Feb 14, 2014 at 14:54
  • @Yoda I've merged the comments in my previous answer, and I've added some more info. Let me know if you have any further questions or doubts.
    – and31415
    Commented Feb 14, 2014 at 17:13
  • Thank you very much for your help. Great refinement. I had one final question. How do I access these NTFS encrypted files incase I removed my OS and installed a fresh copy (Win7). I suppose there is a key somewhere that I can keep a backup of?
    – Ray
    Commented Feb 16, 2014 at 23:11

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .