File security: the best use of EFS encryption in Vista

Since windows 2000, Microsoft has provided us with an EFS encryption function. With this function, we can encrypt the files stored on the NTFS partition so that they cannot be opened. Although this feature has been available for a long time, many people may lose a lot of data because they do not know it.

In fact, from the design point of view, EFS encryption is a secure public key encryption method. As long as others cannot obtain your private key, it cannot be cracked at the current technical level. Compared with other encryption software, the biggest advantage of EFS is its close integration with the system, while the entire process is transparent to users. For example, if user A encrypts A file, only user A can open the file. When user A logs on to Windows, the system has verified the legality of user A. In this case, user A can directly open its own encrypted file in Windows Resource Manager, and edit. When saved, the edited content is automatically encrypted and merged into the file. In this process, the user does not need to repeat his or her password, or perform manual decryption and re-encryption operations. Therefore, EFS is very convenient to use.

Operating systems that fully support EFS encryption and decryption include all versions of Windows 2000, Windows XP Professional, Windows Vista Business, Enterprise, and Ultimate ). Windows Vista Home Basic and Home Premium can only open files encrypted by EFS with keys, but cannot encrypt new files.

To introduce you to the use of this function, the following describes the operations in Windows Vista flagship edition. These operations are also applicable to Windows Vista Business Edition and Enterprise Edition. The details of other Windows operating systems that support EFS may vary.

File encryption and decryption is very simple. You only need to right-click the file or folder you want to encrypt or decrypt in Windows Resource Manager and select "properties ", open the "General" tab in the "properties" dialog box, and then click the "advanced" button to open the "Advanced properties" dialog box.

Open the "Advanced properties" dialog box to encrypt or decrypt the file.

If you want to encrypt the file or folder, select "encrypt content to protect data". If you want to decrypt the file or folder, select "encrypt content to protect data ", click OK. If the encryption or decryption object is a folder containing subfolders or files, click OK, the "Confirm attribute change" dialog box is displayed.

In the confirm attribute change dialog box, select the application scope of the encryption or decryption operation.

Here, we can decide which objects to apply this attribute change. For example, if you want to encrypt or decrypt the subfolders and files in the folder at the same time, you can select "Apply changes to this folder, subfolders, and files "; if you only want to encrypt or decrypt the folder, you can select "Apply changes only to this folder ".

By default, encrypted files or folders are displayed in green in Windows Resource Manager. If you do not want to use this feature, you can change the default settings as follows:

1. Open "computer"-"My Computer". If it is Windows Vista, press Alt to open the menu bar.

2. Click "Tools" and "Folder Options" in sequence on the menu bar to open the "Folder Options" dialog box and open the "View" tab.

3. In the advanced settings list, deselect the color display encryption or compressed NTFS file option.

4. Click OK ".

Many people suffer losses when using EFS encryption. As mentioned above, EFS is a public key encryption system. Therefore, both encryption and decryption require the participation of certificates (also called keys. For example, many people perform this operation: the file is encrypted with EFS in the system, and the operating system is directly reinstalled for some reason one day, and an account with the same username and password as the old system is created, however, I found that all my previously encrypted files could not be opened.