As we all know, Windows Vista has made great improvements in security to ensure the confidentiality of user data. The system-level security protection BitLocker provided in Windows Vista Enterprise and Ultimate can provide the complete drive encryption function, this effectively prevents Windows Vista users from being threatened by data theft or leakage due to PC hardware loss, theft, or improper elimination. Even if an illegal user starts another system and browses files stored in a protected drive in an offline manner, the encrypted information cannot be read for enhanced data protection.
Generally, to achieve the best security protection effect, it is best to apply BitLocker to systems that support Trusted Platform modules (TPM: Trusted Platform Module) 1.2 and later versions, in this way, hardware-based full-disk encryption can be achieved. Of course, Windows Vista also supports the use of Bitlocker in systems without TPM.
In addition to Bitlocker, in Windows Vista, we can also use EFS (Encrypt File System: Encrypted File System) for more flexible data protection. Although EFS is not a new technology, in Windows vista, both features and ease of use have been greatly improved.
To put it simply, EFS can store folders/files on the hard disk in encrypted form. In this way, a specific file/folder can only be opened by users with correct certificates and private key authentication, the encryption and decryption process is automatically performed in the background by Windows. You can use the file in the usual way. When you close the file, the file will be encrypted. When you re-open the file, it will be decrypted. Users who do not have the operation permission certificate cannot access the file/folder even if they reinstall the system.
How to encrypt files/folders
To encrypt files/folders in Windows Vista, follow these steps:
1. Find the file/folder to be protected in resource manager, right-click and select "properties ";
2. Click "advanced" on the "General" option page;
3. Select "encrypt content to protect data" in Advanced properties and click "OK ";
4. Click "OK" on the "General" option page returned. The system will ask for further settings based on the differences between the encrypted file and the folder, for example, when you encrypt a folder, ask whether to apply it to its subfolders and files. When you encrypt a file, ask whether to encrypt the parent folder of the file. Select the appropriate option as needed; in this way, encryption is completed.
In resource manager, you can see that the encrypted files/folders are displayed in green and the "details" of their encryption properties are displayed. In our example, currently, this file is only accessible by HighDiy users.
It should be noted that file encryption (EFS) can only be used on the hard disk of the NTFS file system. At the same time, encryption and NTFS compression functions cannot be used at the same time, that is, if you use the File compression function for a specific file, you cannot encrypt it.
In addition, it must be clear that Windows Vista Starter, Windows Vista Home Basic, and Windows Vista Home Premium versions do not fully support EFS and can only implement some functions.