Because mobile drives are often used on different computers, accidentally will infect the computer inside of the virus, will cause the data in the mobile hard disk damage or loss, and if you take this mobile hard disk to other computer use, but also may infect other computers, so that virus Trojan continues to spread, However, ordinary anti-virus software is difficult to solve the mobile hard drive inside the virus. So how do we make sure that the mobile drives are secure? Small series to provide you with a solution-to the mobile hard disk encryption, blocking the virus Trojan intrusion.
Mobile hard disk encryption is not difficult, as long as a little bit of a setup can be achieved. The method taught in this article how to encrypt a removable hard disk under the NTFS file format
Using the mobile HDD encryption principle
NTFS and Winnt are a very secure and reliable advanced file system. In each operating system, NTFS also implements features such as file and folder permissions, encryption, disk quotas, and compression. The following sections explain how to use NTFS to provide encryption and system digital certificates to encrypt data. Improve the security of file data.
NTFS-formatted removable hard drive Encryption
Set the partition format of the removable hard disk to NTFS, and you can encrypt all the files in the partition with EFS. Specific encryption steps: Select to move the folder to encrypt or move the hard drive letter, properties-general-advanced-Check the "Encrypt content to protect data" checkbox, OK-ok-OK, the continuous point is OK three times, EFS encryption operation is very fast, so it can not be accessed on other computers.
The following diagram of its operation flow:
Here we use the "BG" folder on our mobile hard drive to illustrate this.
If you see a picture of three cases, in the folder after the file name has become green, the file encryption success! At this point, when your mobile hard drive is used on someone else's computer, you don't have to worry about the little secret you've encrypted.
However, if you see the following situation, your mobile hard drive to write protection operations, which need to remove write protection, you can modify the registry to remove write protection, and then move the hard disk again connected, and then repeat the operation on the line!
You will also find that when you copy a file to a mobile hard drive, you may see the following:
To modify the write protection value for a removable hard disk, the following actions are:
Start Menu-run-"regedit" opens the registry
Modified as follows:
Hkey_local_machinesystemcurrentcontrolsetcontrol Storagedevicepolicies under the Writeprotect, the value of 1 to 0, OK
A few issues to be noted:
1, if you want to reload the system, before reloading must first decrypt the file, or after reloading will not be able to decrypt. Like decryption and encryption, to remove the "encrypt content to protect data" check box, click OK.
2, EFS encryption method is the most simple and practical, but be sure to ensure that the key is backed up (the key used in a RAR encrypted compression stored in a safe place or mailbox), to prevent their computer paralysis or reload the system after decryption. Otherwise, in the event of an accident, the file is not decrypted before the system reload, and there is no way to decrypt the files. So be sure to pay attention to backup keys, remember to remember!
To back up a key:
1: "Start → run", enter "MMC", and click OK. (certmgr.msc)
2: On the Console menu, click File Add/Remove Snap-in, and then click Add.
3: Under Separate snap-in, click Certificates, and then click Add.
4: Click "My user Account",
Then click Finish, click Close, and then click OK.
5: Double-click Certificate-Current user, double-click Personal, and then double-click Certificates.
6: In the Intended purpose column, click the certificate that displays the word "Encrypting File System". Right-click the certificate, select All Tasks, and then click Export.
8: Export the certificate and associated private key in a PFX file format as instructed by the Certificate Export Wizard (Note: Exporting with the export private key is recommended) to ensure that the certificate is password protected from being stolen by others. Also note that certificates can only exist in folders where you have read and write permissions.
Finally, to mention that this certificate has other uses:
First, give different users access to the encrypted folder
Export my certificate as the export private key, and send the certificate to another user of the local computer that needs to access the folder. Then he logs in, imports the certificate, and realizes access to the folder.
Second, restore access to the previous encrypted folder that was backed up with the backup recovery program on its WinXP machine
Back up the encrypted folder with a backup recovery program, and then copy the generated backup.bkf along with this certificate to another WinXP machine and restore it with the backup recovery program (note: You can only revert to an NTFS partition). You can then import the certificate to access the recovered file.
Third, in the encryption process should also pay attention to the following five points:
(1. To open Windows Explorer, click start → programs → attachments, and then click Windows Explorer.)
(2. Files that are marked as System properties cannot be encrypted, and files located in the systemroot directory structure cannot be encrypted.)
(3. Compressed files or folders can also be encrypted.) If you encrypt a compressed file or folder, the file or folder will be uncompressed.
(4. Only files and folders on NTFS-partitioned volumes can be encrypted, and files and folders on the FAT partition volume are invalid.)
(5. When encrypting a folder, the system asks if you want to encrypt its subfolders at the same time.) If selected, its subfolders will also be encrypted, and all files and subfolders added to the folder will be automatically encrypted when added.
Four. Keep your certificate in good
Save the PFX file. After reloading the system at a later time, simply double-click the certificate file to import the private certificate to access the folder encrypted by the original user of the certificate under the NTFS system (note: Encrypted folders on NTFS partitions backed up using the backup Restore feature cannot be restored to a non-NTFS partition).